mirror of
https://github.com/DanWin/mail-hosting.git
synced 2024-11-21 23:20:25 +00:00
Add mta-sts configuration
parent
c79682eb0b
commit
df35dc5e05
4 changed files with 20 additions and 6 deletions
|
@ -45,7 +45,6 @@ server {
|
||||||
add_header Referrer-Policy no-referrer always;
|
add_header Referrer-Policy no-referrer always;
|
||||||
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
|
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
|
||||||
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
|
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
|
||||||
add_header Expect-CT "max-age=86400, enforce" always;
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
add_header Cross-Origin-Embedder-Policy require-corp always;
|
add_header Cross-Origin-Embedder-Policy require-corp always;
|
||||||
add_header Cross-Origin-Opener-Policy same-origin always;
|
add_header Cross-Origin-Opener-Policy same-origin always;
|
||||||
|
@ -70,7 +69,6 @@ server {
|
||||||
add_header Referrer-Policy no-referrer always;
|
add_header Referrer-Policy no-referrer always;
|
||||||
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
|
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
|
||||||
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
|
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
|
||||||
add_header Expect-CT "max-age=86400, enforce" always;
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
add_header Cross-Origin-Embedder-Policy require-corp always;
|
add_header Cross-Origin-Embedder-Policy require-corp always;
|
||||||
add_header Cross-Origin-Opener-Policy same-origin always;
|
add_header Cross-Origin-Opener-Policy same-origin always;
|
||||||
|
@ -82,7 +80,6 @@ server {
|
||||||
location ~ \.php$ {
|
location ~ \.php$ {
|
||||||
add_header Referrer-Policy no-referrer always;
|
add_header Referrer-Policy no-referrer always;
|
||||||
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
|
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
|
||||||
add_header Expect-CT "max-age=86400, enforce" always;
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
include snippets/fastcgi-php.conf;
|
include snippets/fastcgi-php.conf;
|
||||||
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
|
||||||
|
|
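--- a/etc/nginx/sites-enabled/mta-sts
+++ b/etc/nginx/sites-enabled/mta-sts
@@ -0,0 +1,18 @@
+server {
+listen [::]:443 ssl http2;
+server_name mta-sts.danwin1210.de;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+location / {
+return 404;
+}
+location = /.well-known/mta-sts.txt {
+default_type text/plain;
+return 200 "version: STSv1
+mode: enforce
+mx: danwin1210.de
+max_age: 86400
+";
+}
+}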
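Review bot: The new server block points `ssl_certificate` and `ssl_certificate_key` at the snakeoil pair, while RFC 8461 senders only accept a policy fetched over HTTPS with a certificate that is valid for `mta-sts.danwin1210.de` and chains to a trusted root. If these paths are a template placeholder that deployment replaces, a comment such as `# placeholder: replace with the CA-issued certificate for this mta-sts host before enabling` would make that explicit; served as-is, the policy would presumably be ignored by senders. The policy also goes straight to `mode: enforce` with `max_age: 86400`, and a one-day lifetime means a cached policy expires quickly if the refetch is blocked, so a longer value is worth considering once delivery is confirmed. `mx: danwin1210.de` has to match the name in the certificate the MX host presents on SMTP, which cannot be checked from this file.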
|
@ -1,6 +1,5 @@
|
||||||
server {
|
server {
|
||||||
listen [::]:443 ssl proxy_protocol http2;
|
listen [::]:443 ssl http2;
|
||||||
add_header Expect-CT "max-age=86400, enforce" always;
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
root /var/www/html;
|
root /var/www/html;
|
||||||
location / {
|
location / {
|
||||||
|
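Review bot: With `proxy_protocol` dropped from `listen [::]:443 ssl http2;`, nginx no longer takes the client address from a fronting proxy, and the rest of this server block is outside the hunk, so it is worth confirming that no `real_ip_header proxy_protocol` or `$proxy_protocol_addr` reference remains. Any logging or access rule keyed on the client address would otherwise see the proxy's address or an empty value. As far as I know nginx applies `proxy_protocol` per listening socket, so every other server on `[::]:443` should use the same listen options as this line; the new mta-sts block does.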
|
|
@ -247,7 +247,7 @@ contact_info = {
|
||||||
security = { "https://danwin1210.de/contact.php", "mailto:daniel@danwin1210.de" };
|
security = { "https://danwin1210.de/contact.php", "mailto:daniel@danwin1210.de" };
|
||||||
support = { "https://danwin1210.de/contact.php", "mailto:daniel@danwin1210.de" };
|
support = { "https://danwin1210.de/contact.php", "mailto:daniel@danwin1210.de" };
|
||||||
}
|
}
|
||||||
data_path = "/srv/var/lib/prosody"
|
data_path = "/var/lib/prosody"
|
||||||
legacy_ssl_ports = {5223}
|
legacy_ssl_ports = {5223}
|
||||||
external_services = {
|
external_services = {
|
||||||
{
|
{
|
||||||
|
|