add header security directives for nginx (see core #15342)

This commit is contained in:
Martin
2015-06-24 15:07:58 +02:00
parent 4ba602f83b
commit 6dc03ebabb
2 changed files with 15 additions and 4 deletions

@@ -145,14 +145,17 @@ However, these headers are added by the applications code in PHP and thus not
served on static resources and rely on the fact that there is no way to bypass
the intended response code path.
For optimal security administrators are encouraged to serve these basic HTTP
headers by the web server to enforce them on response. To do this Apache has to
be configured to use the ``.htaccess`` file as well as the following Apache
For optimal security, administrators are encouraged to serve these basic HTTP
headers by the web server to enforce them on response.
Apache has to be configured to use the ``.htaccess`` file as well as the following Apache
modules needs to be enabled:
- mod_headers
- mod_env
For nginx, please see the nginx configuration example :ref:`nginx_configuration_example`
Administrators can verify whether this security change is active by accessing a
static resource served by the web server and verify that above mentioned
security headers are shipped.
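Review bot: "the following Apache modules needs to be enabled" should read "need to be enabled", and "verify that above mentioned security headers are shipped" should read "verify that the above-mentioned security headers are shipped". The new nginx sentence also lacks terminal punctuation; suggest "For nginx, please see the nginx configuration example :ref:`nginx_configuration_example`." and make sure a blank line separates it from the preceding bullet list, otherwise docutils folds it into the last list item or warns about the list ending without a blank line.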

@@ -1,3 +1,4 @@
.. _nginx_configuration_example:
Nginx Configuration
===================
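Review bot: the new label `.. _nginx_configuration_example:` needs a blank line between it and the `Nginx Configuration` title; as shown here the title directly follows the target, which makes docutils emit "Explicit markup ends without a blank line; unexpected unindent" and may leave the target unattached to the section, so the :ref: added in the other file would not pick up the section title as its link text.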
@@ -34,6 +35,13 @@ Nginx Configuration
ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Path to the root of your installation
root /var/www/owncloud/;
# set max upload size
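Review bot: these add_header directives sit at server level, but nginx inherits add_header into a location block only when that block defines no add_header of its own, so any location that sets its own header (a cache-control header for static assets, for instance) silently drops all five security headers; either repeat them in such locations or keep them in a snippet that each location includes. Also, without the `always` parameter (available since nginx 1.7.5) add_header applies only to 200/201/204/206 responses and 301/302/303/304/307 redirects, so error pages go out without Strict-Transport-Security or X-Frame-Options; consider `add_header X-Frame-Options "SAMEORIGIN" always;` and the same for the others. Minor: the comment "Add headers to serve security related headers" is circular; "Add security related headers" says the same.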
@@ -105,4 +113,4 @@ Nginx Configuration
- Remove **ssl_certificate** and **ssl_certificate_key**.
- Remove **fastcgi_params HTTPS on;**
.. note:: If you are using php-fpm please read :ref:`using_php-fpm`
.. note:: If you are using php-fpm please read :ref:`using_php-fpm`
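Review bot: the removed and added versions of ".. note:: If you are using php-fpm please read :ref:`using_php-fpm`" read identically, so this looks like a whitespace-only change that does not belong in a commit about security headers; either way the sentence should end with a full stop. While this section is being touched, the context line "Remove **fastcgi_params HTTPS on;**" names the include file rather than the directive; the directive is `fastcgi_param HTTPS on;`.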