web configuration tweaks

2016-01-17 10:49:11 +00:00 · 2016-01-17 10:49:11 +00:00 · b9efd79f19
parent 06f023da67
commit b9efd79f19
1 changed files with 9 additions and 1 deletions
--- a/src/freedombone
+++ b/src/freedombone
@ -6372,7 +6372,7 @@ quit" > $INSTALL_DIR/batch.sql
    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
    echo '        fastcgi_param SCRIPT_FILENAME $document_root$1;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
    echo '        fastcgi_param PATH_INFO $2;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
-    echo '        fastcgi_param HTTPS on;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
+    echo '        fastcgi_param HTTPS off;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
    echo '    # Optional: set long EXPIRES header on static assets' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
@ -6637,6 +6637,8 @@ quit" > $INSTALL_DIR/batch.sql
        echo "    server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
        echo '    access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
        echo "    error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+        echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
+        echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
        echo '    limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
        echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
        echo '    location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
@ -7425,6 +7427,9 @@ function install_wiki {
        echo '    client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
        echo '    client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
        echo '    limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
        echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
        echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
@ -7785,6 +7790,9 @@ function install_blog {
        echo '    limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
        echo '    limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
        echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+        echo '    add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+        echo '    add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
+        echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
        echo '    # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
        echo '    location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
        echo '        rewrite ^ https://$server_name$request_uri?;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME