mirror of
https://github.com/tommytran732/Linux-Setup-Scripts
synced 2024-11-21 17:11:33 -05:00
FIx Drupal security headers
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
parent
71eff3c907
commit
aaa26ae2b9
@ -66,6 +66,8 @@ certbot certonly --nginx --no-eff-email \
|
|||||||
|
|
||||||
## NGINX configuration file
|
## NGINX configuration file
|
||||||
|
|
||||||
|
As root, download [this file](https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/sample-configurations/snippets/security-drupal-no-proxy.conf) and put it in `/etc/nginx/conf.d/snippets.conf`
|
||||||
|
|
||||||
As root, put the following file in `/etc/nginx/conf.d/sites_drupal.conf`:
|
As root, put the following file in `/etc/nginx/conf.d/sites_drupal.conf`:
|
||||||
|
|
||||||
```
|
```
|
||||||
@ -83,7 +85,7 @@ server {
|
|||||||
ssl_stapling_file /var/cache/certbot-ocsp-fetcher/drupal.yourdomain.tld.der;
|
ssl_stapling_file /var/cache/certbot-ocsp-fetcher/drupal.yourdomain.tld.der;
|
||||||
|
|
||||||
include snippets/hsts.conf;
|
include snippets/hsts.conf;
|
||||||
include snippets/security.conf;
|
include snippets/security-drupal-no-proxy.conf;
|
||||||
include snippets/cross-origin-security.conf;
|
include snippets/cross-origin-security.conf;
|
||||||
include snippets/quic.conf;
|
include snippets/quic.conf;
|
||||||
|
|
||||||
@ -135,4 +137,4 @@ As the drupal user, run:
|
|||||||
```
|
```
|
||||||
chmod 400 /srv/drupal/drupal.yourdomain.tld/web/sites/default/settings.php
|
chmod 400 /srv/drupal/drupal.yourdomain.tld/web/sites/default/settings.php
|
||||||
setfacl -m u:nginx:r /srv/drupal/drupal.yourdomain.tld/web/sites/default/settings.php
|
setfacl -m u:nginx:r /srv/drupal/drupal.yourdomain.tld/web/sites/default/settings.php
|
||||||
```
|
```
|
||||||
|
Loading…
Reference in New Issue
Block a user