Merge pull request #605 from bt90/patch-1

Add basic security headers
2025-02-26 00:53:23 +08:00 · 2022-01-14 08:55:41 -05:00 · 2022-01-14 08:55:41 -05:00 · 78df049472
commit 78df049472
parent 9e845af8f7 64c98d45ee
1 changed files with 20 additions and 6 deletions
--- a/docker/Caddyfile
+++ b/docker/Caddyfile
@ -1,19 +1,33 @@
 {
-    # LetsEncrypt account
-    email YOUR_EMAIL
+        # LetsEncrypt account
+        email YOUR_EMAIL
 }

 # Dashboard
 https://dashboard.NETMAKER_BASE_DOMAIN {
-    reverse_proxy http://127.0.0.1:8082
+        # Apply basic security headers
+        header {
+                # Enable HTTP Strict Transport Security (HSTS)
+                Strict-Transport-Security "max-age=31536000;"
+                # Enable cross-site filter (XSS) and tell browser to block detected attacks
+                X-XSS-Protection "1; mode=block"
+                # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
+                X-Frame-Options "SAMEORIGIN"
+                # Prevent search engines from indexing
+                X-Robots-Tag "none"
+                # Remove the server name
+                -Server
+        }
+
+        reverse_proxy http://127.0.0.1:8082
 }

 # API
 https://api.NETMAKER_BASE_DOMAIN {
-    reverse_proxy http://127.0.0.1:8081
+        reverse_proxy http://127.0.0.1:8081
 }

 # gRPC
 https://grpc.NETMAKER_BASE_DOMAIN {
-    reverse_proxy h2c://127.0.0.1:50051
-}
+        reverse_proxy h2c://127.0.0.1:50051
+}