From 261d6dafe4df8e8d52827b61b384c43cb1fc47f2 Mon Sep 17 00:00:00 2001
From: Jan Kiesewetter
Date: Wed, 2 Mar 2022 11:38:33 +0100
Subject: [PATCH] Prevent nginx HTTP Server Detection

Signed-off-by: Jan Kiesewetter
---
 admin_manual/installation/nginx-root.conf.sample | 6 ++++++
 admin_manual/installation/nginx-subdir.conf.sample | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/admin_manual/installation/nginx-root.conf.sample b/admin_manual/installation/nginx-root.conf.sample
index 99a6da5c1..6616f89f9 100644
--- a/admin_manual/installation/nginx-root.conf.sample
+++ b/admin_manual/installation/nginx-root.conf.sample
@@ -15,6 +15,9 @@ server {
 listen [::]:80;
 server_name cloud.example.com;

+ # Prevent nginx HTTP Server Detection
+ server_tokens off;
+
 # Enforce HTTPS
 return 301 https://$server_name$request_uri;
 }
@@ -32,6 +35,9 @@ server {
 ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
 ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

+ # Prevent nginx HTTP Server Detection
+ server_tokens off;
+
 # HSTS settings
 # WARNING: Only add the preload option once you read about
 # the consequences in https://hstspreload.org/. This option
diff --git a/admin_manual/installation/nginx-subdir.conf.sample b/admin_manual/installation/nginx-subdir.conf.sample
index 87718cb1a..199cce264 100644
--- a/admin_manual/installation/nginx-subdir.conf.sample
+++ b/admin_manual/installation/nginx-subdir.conf.sample
@@ -14,6 +14,9 @@ server {
 listen [::]:80;
 server_name cloud.example.com;

+ # Prevent nginx HTTP Server Detection
+ server_tokens off;
+
 # Enforce HTTPS just for `/nextcloud`
 location /nextcloud {
 return 301 https://$server_name$request_uri;
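Review bot: The comment `# Prevent nginx HTTP Server Detection` added in the port-80 server block of nginx-root.conf.sample promises more than `server_tokens off;` delivers: the directive only removes the version number from the `Server` response header and from nginx's built-in error pages, and the header still reads `nginx`. An administrator copying the sample could take it as hiding the product entirely, so I would word it as `# Do not disclose the nginx version in the Server header and on error pages`. The same comment is repeated in the HTTPS block of this file and in both server blocks of nginx-subdir.conf.sample. The directive is also accepted at `http` level, so if these samples are included there a single occurrence above the first `server {` would cover every block; the server blocks start and end outside the hunks, so that needs confirming against the full files.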
@@ -33,6 +36,9 @@ server {
 ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
 ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

+ # Prevent nginx HTTP Server Detection
+ server_tokens off;
+
 # HSTS settings
 # WARNING: Only add the preload option once you read about
 # the consequences in https://hstspreload.org/. This option