From 74cb825acbf0c62251711085b4108a2ca0d57d0f Mon Sep 17 00:00:00 2001 From: Alex Date: Mon, 23 Mar 2020 16:06:36 +0100 Subject: [PATCH] Remove default CSPs, add proper caching to the homepage and remove grace cache serving --- build/HAProxy/Dockerfile | 1 - build/HAProxy/haproxy.conf | 6 +----- build/Varnish/varnish.vcl | 5 +---- 3 files changed, 2 insertions(+), 10 deletions(-) diff --git a/build/HAProxy/Dockerfile b/build/HAProxy/Dockerfile index 2d95727..7510d1a 100644 --- a/build/HAProxy/Dockerfile +++ b/build/HAProxy/Dockerfile @@ -1,3 +1,2 @@ FROM haproxy:alpine - COPY haproxy.conf /usr/local/etc/haproxy/haproxy.cfg diff --git a/build/HAProxy/haproxy.conf b/build/HAProxy/haproxy.conf index e50575e..ddf3e60 100644 --- a/build/HAProxy/haproxy.conf +++ b/build/HAProxy/haproxy.conf @@ -53,8 +53,6 @@ frontend https http-response replace-header Set-Cookie (.*) \1;\ Secure http-response add-header X-Forwarded-Proto https - http-response set-header Cache-Control public\ max-age=31536000 if homepage - http-response set-header X-XSS-Protection 1;\ mode=block http-response set-header X-Content-Type-Options nosniff http-response set-header Referrer-Policy no-referrer-when-downgrade 
@@ -69,13 +67,13 @@ frontend https backend homepage server-template redxen-space 3 rxhome.s3-website.eu-central-1.amazonaws.com:80 no-check + http-response set-header Cache-Control public\ max-age=31536000 http-request set-header Host rxhome.s3-website.eu-central-1.amazonaws.com http-request set-header Connection \"\" backend grafana server-template grafana-docker 5 tasks.tig_grafana:3000 option httpchk HEAD / HTTP/1.1\r\nHost:\ stats.redxen.eu - http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests backend fedi server pleroma-docker tasks.pleroma_server:4000 @@ -84,11 +82,9 @@ backend fedi backend git server git-docker tasks.git_gitea:3000 option httpchk HEAD / HTTP/1.1\r\nHost:\ git.redxen.eu - http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ https:\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests backend transmission server transmission-docker tasks.seedbox_transmission:9091 - http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests backend seedown server httpd-seedown tasks.seedbox_httpd:80 
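Review bot: The `Cache-Control` value added to `backend homepage` is written as `public\ max-age=31536000`, which emits `public max-age=31536000` without the comma that separates cache directives, so caches may not honour the max-age; `http-response set-header Cache-Control public,\ max-age=31536000` is the well-formed value. Because the rule is now unconditional, it also stamps a one-year public lifetime on any error response the S3 website endpoint returns, which a guard such as `if { status 200 }` would avoid. Separately, this hunk and the next one (`backend git`, `backend transmission`) drop every proxy-level `Content-Security-Policy`, so unless Grafana, Gitea and Transmission send their own policy (not visible here) those sites now have none. The Transmission policy was the only one whose `script-src` was limited to `'self'` without `'unsafe-inline'` or `'unsafe-eval'`, so it is worth confirming it has a replacement and adding a config comment that CSP is now delegated to the applications.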
diff --git a/build/Varnish/varnish.vcl b/build/Varnish/varnish.vcl
index 0347291..f719fe8 100644
--- a/build/Varnish/varnish.vcl
+++ b/build/Varnish/varnish.vcl
@@ -36,10 +36,7 @@ sub vcl_hash {
 return (lookup);
 }
 sub vcl_hit {
- if (obj.ttl + obj.grace > 0s) {
- return (deliver);
- }
- return (pass);
+ return (deliver);
 }
 sub vcl_miss {
 return (fetch);
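Review bot: The unconditional `return (deliver);` in `vcl_hit` does not stop grace serving, although the commit subject says grace cache serving is removed: the deleted condition `obj.ttl + obj.grace > 0s` was the only freshness check, and without it every object that reaches `vcl_hit`, expired or not, is delivered. Depending on the Varnish version this is either the same behaviour as before or a wider one, but in neither case a stricter one. If expired objects should never be served, set the grace period itself to zero, e.g. `set beresp.grace = 0s;` in `vcl_backend_response`; that subroutine is outside this hunk, so it may already do so. A comment on `vcl_hit` stating the intended behaviour would make this checkable.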