X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/7d41b07d2090855c7fd3117b62a1e6ecbf20b246..0a20e75aa3afc5a54a3b15b67023fbb6d05a5ffc:/cookbooks/imagery/templates/default/nginx_imagery.conf.erb diff --git a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb index 1c828d9b1..afe33dfb9 100644 --- a/cookbooks/imagery/templates/default/nginx_imagery.conf.erb +++ b/cookbooks/imagery/templates/default/nginx_imagery.conf.erb @@ -1,5 +1,6 @@ server { listen 80; + listen [::]:80; server_name <%= @name %> a.<%= @name %> b.<%= @name %> c.<%= @name %><% @aliases.each do |alias_name| %> <%= alias_name %> a.<%= alias_name %> b.<%= alias_name %> c.<%= alias_name %><%- end -%>; rewrite ^/\.well-known/acme-challenge/(.*)$ http://acme.openstreetmap.org/.well-known/acme-challenge/$1 permanent; @@ -22,6 +23,7 @@ upstream <%= @name %>_fastcgi { server { listen 443 ssl http2; + listen [::]:443 ssl http2; server_name <%= @name %> a.<%= @name %> b.<%= @name %> c.<%= @name %><% @aliases.each do |alias_name| %> <%= alias_name %> a.<%= alias_name %> b.<%= alias_name %> c.<%= alias_name %><%- end -%>; ssl_certificate /etc/ssl/certs/<%= @name %>.pem; @@ -31,12 +33,6 @@ server { add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always; <% end -%> - # CSP report only policy - add_header Content-Security-Policy-Report-Only "default-src 'none'; form-action 'none'; frame-ancestors 'none'; report-uri https://openstreetmap.report-uri.com/r/d/csp/wizard"; - # Add NEL reporting - add_header Report-To "{\"group\":\"default\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://openstreetmap.report-uri.com/a/d/g\"}],\"include_subdomains\":true}"; - add_header NEL "{\"report_to\":\"default\",\"max_age\":604800,\"include_subdomains\":true}"; - # Requests sent within early data are subject to replay attacks. # See: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data ssl_early_data on;