Function to disable content sniffing
This commit is contained in:
parent
a870beed6e
commit
e686bef00a
|
@ -1471,6 +1471,14 @@ function nginx_ssl {
|
|||
echo " ssl_ciphers '$SSL_CIPHERS';" >> $filename
|
||||
}
|
||||
|
||||
function nginx_disable_sniffing {
|
||||
domain_name=$1
|
||||
filename=/etc/nginx/sites-available/$domain_name
|
||||
echo ' add_header X-Frame-Options DENY;' >> $filename
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> $filename
|
||||
echo '' >> $filename
|
||||
}
|
||||
|
||||
function set_repo_commit {
|
||||
repo_dir=$1
|
||||
repo_commit_name=$2
|
||||
|
@ -6502,8 +6510,7 @@ function install_owncloud {
|
|||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
nginx_ssl $OWNCLOUD_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
nginx_disable_sniffing $OWNCLOUD_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' # then replace the above with the following:' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
|
@ -6578,8 +6585,7 @@ function install_owncloud {
|
|||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
nginx_disable_sniffing $OWNCLOUD_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' # if you want to be able to access the site via HTTP' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
echo ' # then replace the above with the following:' >> /etc/nginx/sites-available/$OWNCLOUD_DOMAIN_NAME
|
||||
|
@ -6899,8 +6905,7 @@ function install_gogs {
|
|||
echo " server_name $GIT_DOMAIN_NAME;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo ' access_log off;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo " error_log /var/log/nginx/${GIT_DOMAIN_NAME}_error.log $WEBSERVER_LOG_LEVEL;" >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
nginx_disable_sniffing $GIT_DOMAIN_NAME
|
||||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
|
@ -6925,8 +6930,7 @@ function install_gogs {
|
|||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
nginx_ssl $GIT_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
nginx_disable_sniffing $GIT_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
|
@ -6960,8 +6964,7 @@ function install_gogs {
|
|||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
nginx_disable_sniffing $GIT_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
echo ' location / {' >> /etc/nginx/sites-available/$GIT_DOMAIN_NAME
|
||||
|
@ -7661,8 +7664,7 @@ function install_wiki {
|
|||
echo ' client_max_body_size 20m;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo ' client_body_buffer_size 128k;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
nginx_disable_sniffing $WIKI_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
|
@ -7745,8 +7747,7 @@ function install_wiki {
|
|||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
nginx_ssl $WIKI_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
nginx_disable_sniffing $WIKI_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
|
@ -7829,8 +7830,7 @@ function install_wiki {
|
|||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
nginx_disable_sniffing $WIKI_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$WIKI_DOMAIN_NAME
|
||||
|
@ -8000,8 +8000,7 @@ function install_blog {
|
|||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo ' # Always redirect the login page to https' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo ' location /login {' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
|
@ -8086,8 +8085,7 @@ function install_blog {
|
|||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
nginx_ssl $FULLBLOG_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
|
@ -8170,8 +8168,7 @@ function install_blog {
|
|||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
nginx_disable_sniffing $FULLBLOG_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$FULLBLOG_DOMAIN_NAME
|
||||
|
@ -8394,8 +8391,7 @@ function install_rss_reader {
|
|||
echo ' deny all;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
||||
nginx_disable_sniffing $RSS_READER_DOMAIN_NAME
|
||||
echo ' client_max_body_size 15m;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
||||
echo ' set $mobile_rewrite do_not_perform;' >> /etc/nginx/sites-available/$RSS_READER_DOMAIN_NAME
|
||||
|
@ -8660,8 +8656,7 @@ function install_gnu_social {
|
|||
echo '' >> $microblog_nginx_site
|
||||
echo ' # Security' >> $microblog_nginx_site
|
||||
nginx_ssl $MICROBLOG_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> $microblog_nginx_site
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> $microblog_nginx_site
|
||||
nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $microblog_nginx_site
|
||||
echo '' >> $microblog_nginx_site
|
||||
echo ' # Logs' >> $microblog_nginx_site
|
||||
|
@ -8735,8 +8730,7 @@ function install_gnu_social {
|
|||
echo ' deny all;' >> $microblog_nginx_site
|
||||
echo ' }' >> $microblog_nginx_site
|
||||
echo '' >> $microblog_nginx_site
|
||||
echo ' add_header X-Frame-Options DENY;' >> $microblog_nginx_site
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> $microblog_nginx_site
|
||||
nginx_disable_sniffing $MICROBLOG_DOMAIN_NAME
|
||||
echo ' client_max_body_size 15m;' >> $microblog_nginx_site
|
||||
echo '}' >> $microblog_nginx_site
|
||||
|
||||
|
@ -9124,8 +9118,7 @@ function install_hubzilla {
|
|||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
nginx_ssl $HUBZILLA_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
|
@ -9201,8 +9194,7 @@ function install_hubzilla {
|
|||
echo ' limit_conn conn_limit_per_ip 10;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
nginx_disable_sniffing $HUBZILLA_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security max-age=15768000;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
|
@ -9512,8 +9504,7 @@ function install_mediagoblin {
|
|||
echo ' limit_req zone=req_limit_per_ip burst=10 nodelay;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||
nginx_ssl $MEDIAGOBLIN_DOMAIN_NAME
|
||||
echo ' add_header X-Frame-Options DENY;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||
echo ' add_header X-Content-Type-Options nosniff;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||
nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
|
||||
echo ' add_header Strict-Transport-Security max-age=0;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||
echo ' location / {' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||
|
|
Loading…
Reference in New Issue