added security.conf with higher precedence

fixes again #88
2025-08-09 20:33:43 +08:00 · 2019-05-22 19:31:08 +02:00
parent 9a15dcb7ca
commit 7fedd0a9db
4 changed files with 39 additions and 17 deletions
--- a/public/templates/conf/nginxconfig.io/general.conf.html
+++ b/public/templates/conf/nginxconfig.io/general.conf.html
@@ -1,20 +1,3 @@
-# security headers
-add_header X-Frame-Options "SAMEORIGIN" always;
-add_header X-XSS-Protection "1; mode=block" always;
-add_header X-Content-Type-Options "nosniff" always;
-add_header Referrer-Policy "{{ data.referrer_policy }}" always;<!--
-
-✔ CSP --><span ng-if="isCSP()">
-add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span><!--
-
-✔ HSTS--><span ng-if="hasCommonHSTS()">
-add_header Strict-Transport-Security "max-age=31536000{{ isHSTSSubdomains() ? '; includeSubDomains' : '' }}{{ isHSTSPreload() ? '; preload' : '' }}" always;</span>
-
-# . files
-location ~ /\.(?!well-known) {
-	deny all;
-}
-
 # favicon.ico
 location = /favicon.ico {
 	log_not_found off;<!--
--- a/public/templates/conf/nginxconfig.io/security.conf.html
+++ b/public/templates/conf/nginxconfig.io/security.conf.html
@@ -0,0 +1,16 @@
+# security headers
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header Referrer-Policy "{{ data.referrer_policy }}" always;<!--
+
+✔ CSP --><span ng-if="isCSP()">
+add_header Content-Security-Policy "{{ data.content_security_policy }}" always;</span><!--
+
+✔ HSTS--><span ng-if="hasCommonHSTS()">
+add_header Strict-Transport-Security "max-age=31536000{{ isHSTSSubdomains() ? '; includeSubDomains' : '' }}{{ isHSTSPreload() ? '; preload' : '' }}" always;</span>
+
+# . files
+location ~ /\.(?!well-known) {
+	deny all;
+}
--- a/public/templates/conf/sites-available/example.com.conf.html
+++ b/public/templates/conf/sites-available/example.com.conf.html
@@ -37,6 +37,19 @@ server {<!--
 	# HSTS
 	add_header Strict-Transport-Security "max-age=31536000{{ isHSTSSubdomains(_site) ? '; includeSubDomains' : '' }}{{ isHSTSPreload(_site) ? '; preload' : '' }}" always;</span><!--

+	✔ modularized --><span ng-if="isModularized()">
+
+	# security
+	include nginxconfig.io/security.conf;</span><!--
+
+	✔ unified --><span ng-if="isUnified()"><!--
+
+-->
+
+<!--
+
+--><ng-include ng-include-tabs="2" src="'templates/conf/nginxconfig.io/security.conf.html?v=COMMIT_HASH'" onload="refreshHighlighting()"></ng-include></span><!--
+
 	✔ access log domain || error log domain --><span ng-if="isAccessLogDomain(_site) || isErrorLogDomain(_site)">

 	# logging<!--
@@ -119,6 +132,7 @@ server {<!--


 	✔ modularized --><span ng-if="isModularized()">
+	# additional config
 	include nginxconfig.io/general.conf;</span><!--

 	✔ modularized && ✔ WordPress --><span ng-if="isModularized() && isWordPress(_site)">