Greg/Coffee_Windsurf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Coffee_Windsurf/coolify-nginx.conf

57 lines
2.2 KiB
Plaintext
Raw Blame History

# Coolify Static Site Security Configuration
# This file provides nginx security headers for static sites deployed on Coolify
# Place this in your project root or reference it in your nixpacks.toml
# Security headers for static sites served by nginx in Coolify
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options DENY always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; script-src 'self'; img-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self';" always;
# Additional security measures
add_header X-Permitted-Cross-Domain-Policies none always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Hide nginx version
server_tokens off;
# Prevent access to hidden files
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
# Prevent access to backup and temporary files
location ~* \.(bak|backup|old|tmp|swp|swo|log)$ {
deny all;
access_log off;
log_not_found off;
}
# Security for common files
location ~* \.(htaccess|htpasswd|ini|log|sh|sql|conf)$ {
deny all;
access_log off;
log_not_found off;
}
# Optimize static file serving
location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options DENY always;
}
# Main location for HTML files
location / {
try_files $uri $uri/ /index.html;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options DENY always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self'; script-src 'self'; img-src 'self' data:; object-src 'none'; base-uri 'self'; form-action 'self';" always;
}
Reference in New Issue View Git Blame Copy Permalink