1
0
mirror of https://github.com/tommytran732/Linux-Setup-Scripts synced 2024-11-21 17:11:33 -05:00

FIx Drupal security headers

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-06-26 21:01:57 -07:00
parent 71eff3c907
commit aaa26ae2b9
Signed by: Tomster
GPG Key ID: 555C902A34EC968F

View File

@ -66,6 +66,8 @@ certbot certonly --nginx --no-eff-email \
## NGINX configuration file ## NGINX configuration file
As root, download [this file](https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/sample-configurations/snippets/security-drupal-no-proxy.conf) and put it in `/etc/nginx/conf.d/snippets.conf`
As root, put the following file in `/etc/nginx/conf.d/sites_drupal.conf`: As root, put the following file in `/etc/nginx/conf.d/sites_drupal.conf`:
``` ```
@ -83,7 +85,7 @@ server {
ssl_stapling_file /var/cache/certbot-ocsp-fetcher/drupal.yourdomain.tld.der; ssl_stapling_file /var/cache/certbot-ocsp-fetcher/drupal.yourdomain.tld.der;
include snippets/hsts.conf; include snippets/hsts.conf;
include snippets/security.conf; include snippets/security-drupal-no-proxy.conf;
include snippets/cross-origin-security.conf; include snippets/cross-origin-security.conf;
include snippets/quic.conf; include snippets/quic.conf;
@ -135,4 +137,4 @@ As the drupal user, run:
``` ```
chmod 400 /srv/drupal/drupal.yourdomain.tld/web/sites/default/settings.php chmod 400 /srv/drupal/drupal.yourdomain.tld/web/sites/default/settings.php
setfacl -m u:nginx:r /srv/drupal/drupal.yourdomain.tld/web/sites/default/settings.php setfacl -m u:nginx:r /srv/drupal/drupal.yourdomain.tld/web/sites/default/settings.php
``` ```