diff options
Diffstat (limited to 'installation')
| -rw-r--r-- | installation/pleroma.nginx | 10 | ||||
| -rw-r--r-- | installation/pleroma.service | 1 | ||||
| -rw-r--r-- | installation/pleroma.vcl | 11 |
3 files changed, 12 insertions, 10 deletions
diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index 895799a8e..44905da49 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -59,6 +59,16 @@ server { } # stop removing lines here. + add_header X-XSS-Protection "1; mode=block"; + add_header X-Permitted-Cross-Domain-Policies none; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header Referrer-Policy same-origin; + add_header X-Download-Options noopen; + + # Uncomment this only after you get HTTPS working. + # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; + proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/installation/pleroma.service b/installation/pleroma.service index fe314ed2b..fd4180985 100644 --- a/installation/pleroma.service +++ b/installation/pleroma.service @@ -13,4 +13,3 @@ Restart=on-failure [Install] WantedBy=multi-user.target -Alias=pleroma.service diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl index fe9bf056b..63c1cb74d 100644 --- a/installation/pleroma.vcl +++ b/installation/pleroma.vcl @@ -39,15 +39,9 @@ sub vcl_recv { return (hash); } - # Hack to enable a Terms of Service page missing from Pleroma - if (req.url ~ "^/about/more$") { - set req.http.x-redir = "https://" + req.http.host + "/static/terms-of-service.html"; - return (synth(750, "")); - } - # Strip headers that will affect caching from all other static content # This also permits caching of individual toots and AP Activities - if ((req.url ~ "^/(media|notice|objects|static)/") || + if ((req.url ~ "^/(media|static)/") || (req.url ~ "(?i)\.(html|js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$")) { unset req.http.Cookie; @@ -99,8 +93,7 @@ sub vcl_backend_response { # Strip cache-restricting headers from Pleroma on static content that we want to cache # Also enable streaming of cached content to clients (no waiting for Varnish to complete backend fetch) - if ((bereq.url ~ "^/(notice|objects)/") || - (bereq.url ~ "(?i)\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$")) + if (bereq.url ~ "(?i)\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|ttf|pdf|woff|woff2)$") { unset beresp.http.set-cookie; unset beresp.http.Cache-Control; |