From c40a80a2367dd1439e33145f7d14458f63cd0f59 Mon Sep 17 00:00:00 2001
From: Moviuro
Date: Thu, 26 Jul 2018 18:07:23 +0200
Subject: [PATCH] Update nginx.rst Avoid leaking `X-Powered-By` Add link to a sane nginx TLS configuration
---
 admin_manual/installation/nginx.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/admin_manual/installation/nginx.rst b/admin_manual/installation/nginx.rst
index 9d07ae9aa..a24a31bf3 100644
--- a/admin_manual/installation/nginx.rst
+++ b/admin_manual/installation/nginx.rst
@@ -52,6 +52,9 @@ webroot of your nginx installation. In this example it is
 listen [::]:443 ssl http2;
 server_name cloud.example.com;
+ # Use Mozilla's guidelines for SSL/TLS settings
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/
+ # NOTE: some settings below might be redundant
 ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
 ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
@@ -72,6 +75,9 @@ webroot of your nginx installation. In this example it is
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
 # Path to the root of your installation
 root /var/www/nextcloud/;
@@ -198,6 +204,9 @@ your nginx installation.
 listen [::]:443 ssl http2;
 server_name cloud.example.com;
+ # Use Mozilla's guidelines for SSL/TLS settings
+ # https://mozilla.github.io/server-side-tls/ssl-config-generator/
+ # NOTE: some settings below might be redundant
 ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
 ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;
@@ -211,6 +220,9 @@ your nginx installation.
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
 # Path to the root of your installation
 root /var/www/;
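Review bot: The comment block added above `ssl_certificate` in the first hunk (repeated in the third hunk, for the second server block) sends the admin to Mozilla's generator without saying what to take from it, and as far as these hunks show the example sets no protocol or cipher directives itself, so a verbatim copy runs on whatever the nginx build defaults to. `NOTE: some settings below might be redundant` is also too vague to act on. I would name the directives and the overlap instead, e.g. `# Take ssl_protocols, ssl_ciphers and related directives from the generator;` followed by `# if it also emits headers that are set below, keep a single copy of each`. The server block starts and ends outside both hunks, so check that nothing further down already covers this.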
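Review bot: `fastcgi_hide_header X-Powered-By;` in the second hunk (same line in the fourth) only strips the header from responses nginx relays from the FastCGI backend; PHP keeps emitting it, and the added comment gives no hint of that. I would extend the comment to `# Hide X-Powered-By from PHP responses (version disclosure); also set expose_php = Off in php.ini`. Because the directive sits at server level, a location block that declares its own `fastcgi_hide_header` would presumably not inherit it; the location blocks are outside the hunk, so that needs a check against the full file.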