Remove default CSPs, add proper caching to the homepage and remove grace cache serving

Alex 2020-03-23 16:06:36 +01:00
parent 91028573d1
commit 74cb825acb
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
3 changed files with 2 additions and 10 deletions


@ -1,3 +1,2 @@
FROM haproxy:alpine FROM haproxy:alpine
COPY haproxy.conf /usr/local/etc/haproxy/haproxy.cfg COPY haproxy.conf /usr/local/etc/haproxy/haproxy.cfg


@ -53,8 +53,6 @@ frontend https
http-response replace-header Set-Cookie (.*) \1;\ Secure http-response replace-header Set-Cookie (.*) \1;\ Secure
http-response add-header X-Forwarded-Proto https http-response add-header X-Forwarded-Proto https
http-response set-header Cache-Control public\ max-age=31536000 if homepage
http-response set-header X-XSS-Protection 1;\ mode=block http-response set-header X-XSS-Protection 1;\ mode=block
http-response set-header X-Content-Type-Options nosniff http-response set-header X-Content-Type-Options nosniff
http-response set-header Referrer-Policy no-referrer-when-downgrade http-response set-header Referrer-Policy no-referrer-when-downgrade
@ -69,13 +67,13 @@ frontend https
backend homepage backend homepage
server-template redxen-space 3 rxhome.s3-website.eu-central-1.amazonaws.com:80 no-check server-template redxen-space 3 rxhome.s3-website.eu-central-1.amazonaws.com:80 no-check
http-response set-header Cache-Control public\ max-age=31536000
http-request set-header Host rxhome.s3-website.eu-central-1.amazonaws.com http-request set-header Host rxhome.s3-website.eu-central-1.amazonaws.com
http-request set-header Connection \"\" http-request set-header Connection \"\"
backend grafana backend grafana
server-template grafana-docker 5 tasks.tig_grafana:3000 server-template grafana-docker 5 tasks.tig_grafana:3000
option httpchk HEAD / HTTP/1.1\r\nHost:\ stats.redxen.eu option httpchk HEAD / HTTP/1.1\r\nHost:\ stats.redxen.eu
http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
backend fedi backend fedi
server pleroma-docker tasks.pleroma_server:4000 server pleroma-docker tasks.pleroma_server:4000
@ -84,11 +82,9 @@ backend fedi
backend git backend git
server git-docker tasks.git_gitea:3000 server git-docker tasks.git_gitea:3000
option httpchk HEAD / HTTP/1.1\r\nHost:\ git.redxen.eu option httpchk HEAD / HTTP/1.1\r\nHost:\ git.redxen.eu
http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ https:\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'unsafe-inline\'\ \'unsafe-eval\'\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
backend transmission backend transmission
server transmission-docker tasks.seedbox_transmission:9091 server transmission-docker tasks.seedbox_transmission:9091
http-response set-header Content-Security-Policy default-src\ \'self\';connect-src\ \'self\';font-src\ https:\ data:\ \'self\';script-src\ \'self\';style-src\ \'self\'\ \'unsafe-inline\';media-src\ https:\ \'self\';img-src\ https:\ blob:\ data:\ \'self\';frame-src\ \'self\';object-src\ \'none\';block-all-mixed-content;upgrade-insecure-requests
backend seedown backend seedown
server httpd-seedown tasks.seedbox_httpd:80 server httpd-seedown tasks.seedbox_httpd:80
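Review bot: The transmission backend in the last hunk loses a policy that had `script-src 'self'`, and nothing on the new side replaces it, so its responses (and those of grafana and git) carry a Content-Security-Policy only if the application sends one, which these lines do not show. If the removal is meant to stop HAProxy overriding an app-supplied policy, keep the header as a fallback by re-adding it with `unless { res.hdr(Content-Security-Policy) -m found }`, so it applies only when the backend sent none. At minimum the directives that did not depend on inline script, `object-src 'none'` and `frame-src 'self'`, could stay, with a comment on each backend saying where its CSP now comes from. Separately, the `Cache-Control public\ max-age=31536000` line now in `backend homepage` is unconditional, so error responses from the S3 endpoint are also marked cacheable for a year; appending `if { status 200 }` would limit it.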


@ -36,10 +36,7 @@ sub vcl_hash {
return (lookup); return (lookup);
} }
sub vcl_hit { sub vcl_hit {
if (obj.ttl + obj.grace > 0s) { return (deliver);
return (deliver);
}
return (pass);
} }
sub vcl_miss { sub vcl_miss {
return (fetch); return (fetch);
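Review bot: The unconditional `return (deliver);` in vcl_hit does not by itself stop grace serving. The removed test `obj.ttl + obj.grace > 0s` was the only check on object age here, so the new body delivers whatever the lookup returned, which may include objects past their TTL unless grace is set to zero somewhere outside this hunk. If stale objects should no longer be served, check freshness explicitly with `if (obj.ttl >= 0s) { return (deliver); }` and send the rest to the backend with the return action your Varnish version allows from vcl_hit, or set `beresp.grace = 0s;` in vcl_backend_response. A one-line comment in vcl_hit stating where grace is disabled would make the intent checkable.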