430f6e2baa
Some checks failed
Test / test (push) Has been cancelled
- Rate limiting (10 req/s per IP, burst 20) - Modern security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) - Request body size limits (50m) - Fixed header inheritance bug in static files location block - Removed unused form fields (NGINX_INTERNAL_PORT, NGINX_ENABLE_ACCESS_LOG) - SSL handled by Runtipi reverse proxy Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
43 lines
1.2 KiB
Plaintext
43 lines
1.2 KiB
Plaintext
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
|
|
server_name _;
|
|
|
|
root /usr/share/nginx/html;
|
|
index index.html index.htm;
|
|
|
|
# Headers de securite
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
|
|
|
|
# Rate limiting (burst de 20 requetes autorise)
|
|
limit_req zone=general burst=20 nodelay;
|
|
|
|
location / {
|
|
try_files $uri $uri/ =404;
|
|
}
|
|
|
|
# Desactiver l'acces aux fichiers caches
|
|
location ~ /\. {
|
|
deny all;
|
|
access_log off;
|
|
log_not_found off;
|
|
}
|
|
|
|
# Cache pour les fichiers statiques
|
|
# Note: on utilise uniquement "expires" ici pour ne pas ecraser
|
|
# les headers de securite du bloc server (comportement add_header de nginx)
|
|
location ~* \.(jpg|jpeg|png|gif|ico|css|js|pdf|txt|woff|woff2|ttf|svg)$ {
|
|
expires 7d;
|
|
}
|
|
|
|
error_page 404 /404.html;
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
root /usr/share/nginx/html;
|
|
}
|
|
}
|