From f3168588500fce42d827e0d89afb1802d2fcf4bc Mon Sep 17 00:00:00 2001 From: Marco Date: Fri, 18 Jun 2021 13:43:57 +0200 Subject: [PATCH 1/2] Moving Mattermost nginx configuration to default.conf Nginx expects the default server configuration to be inside an default.conf file. --- nginx/conf.d/{mattermost.conf => default.conf} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename nginx/conf.d/{mattermost.conf => default.conf} (100%) diff --git a/nginx/conf.d/mattermost.conf b/nginx/conf.d/default.conf similarity index 100% rename from nginx/conf.d/mattermost.conf rename to nginx/conf.d/default.conf From 51b61fb2d8efa57a47ea8993d8a02f243e0e898c Mon Sep 17 00:00:00 2001 From: Marco Kundt Date: Wed, 23 Jun 2021 21:18:49 +0200 Subject: [PATCH 2/2] Minor Nginx tweaks Because of privacy concerns it's desirable to disable referrer, FLoC and Cloudflare as resolver. --- nginx/conf.d/default.conf | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/nginx/conf.d/default.conf b/nginx/conf.d/default.conf index be9e4eb..d24a624 100644 --- a/nginx/conf.d/default.conf +++ b/nginx/conf.d/default.conf @@ -61,7 +61,7 @@ server { # OCSP stapling ssl_stapling on; ssl_stapling_verify on; - resolver 1.1.1.1; + #resolver 1.1.1.1; # verify chain of trust of OCSP response using Root CA and Intermediate certs #ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; @@ -72,8 +72,9 @@ server { add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "strict-origin-when-cross-origin" always; + add_header Referrer-Policy no-referrer; add_header Strict-Transport-Security "max-age=63072000" always; + add_header Permissions-Policy "interest-cohort=()"; ## locations # ACME-challenge