parent
271d123846
commit
4b6ebf31c6
@ -1,5 +1,7 @@
|
||||
server {
|
||||
listen 80;
|
||||
server_name ~^www.(?<domain>.+)$;
|
||||
|
||||
include /etc/nginx/server.d/*.conf;
|
||||
return {{REDIRECT_CODE}} {{REDIRECT_PROTO}}://$domain$request_uri;
|
||||
}
|
||||
|
@ -0,0 +1,9 @@
|
||||
version: '3'
|
||||
services:
|
||||
backend:
|
||||
build: ../../
|
||||
volumes:
|
||||
- './index.html:/var/www/index.html'
|
||||
- './headers.conf:/etc/nginx/location.d/headers.conf'
|
||||
ports:
|
||||
- '80:80'
|
@ -0,0 +1,25 @@
|
||||
# The X-Frame-Options header indicates whether a browser should be allowed
|
||||
# to render a page within a frame or iframe.
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
|
||||
# MIME type sniffing security protection
|
||||
# There are very few edge cases where you wouldn't want this enabled.
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
|
||||
# The X-XSS-Protection header is used by Internet Explorer version 8+
|
||||
# The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
# Prevent mobile network providers from modifying your site
|
||||
#
|
||||
# (!) If you are using `ngx_pagespeed`, please note that setting
|
||||
# the `Cache-Control: no-transform` response header will prevent
|
||||
# `PageSpeed` from rewriting `HTML` files, and, if
|
||||
# `pagespeed DisableRewriteOnNoTransform off` is not used, also
|
||||
# from rewriting other resources.
|
||||
#
|
||||
# https://developers.google.com/speed/pagespeed/module/configuration#notransform
|
||||
add_header "Cache-Control" "no-transform";
|
||||
|
||||
# Force the latest IE version
|
||||
add_header "X-UA-Compatible" "IE=Edge";
|
@ -0,0 +1,3 @@
|
||||
<h1>Extra Headers</h1>
|
||||
|
||||
<p>Please open your browsers dev-tools to inspect the respone headers!</p>
|
Loading…
Reference in new issue