beenull/mail-hosting-mirror
1
0
Fork 0
mirror of https://github.com/DanWin/mail-hosting.git synced 2024-11-21 15:10:25 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add mta-sts configuration

Browse source
This commit is contained in:
Daniel Winzen 2024-06-06 13:52:15 +02:00
parent c79682eb0b
commit df35dc5e05
No known key found for this signature in database
GPG key ID: 222FCC3F35C41077
4 changed files with 20 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
etc/nginx/sites-enabled/mail
View file

@ -45,7 +45,6 @@ server {
add_header Referrer-Policy no-referrer always; add_header Referrer-Policy no-referrer always;
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always; add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always; add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
add_header Expect-CT "max-age=86400, enforce" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Cross-Origin-Embedder-Policy require-corp always; add_header Cross-Origin-Embedder-Policy require-corp always;
add_header Cross-Origin-Opener-Policy same-origin always; add_header Cross-Origin-Opener-Policy same-origin always;
@ -70,7 +69,6 @@ server {
add_header Referrer-Policy no-referrer always; add_header Referrer-Policy no-referrer always;
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always; add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), geolocation=(), fullscreen=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=(), interest-cohort=(), otp-credentials=()" always;
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always; add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
add_header Expect-CT "max-age=86400, enforce" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Cross-Origin-Embedder-Policy require-corp always; add_header Cross-Origin-Embedder-Policy require-corp always;
add_header Cross-Origin-Opener-Policy same-origin always; add_header Cross-Origin-Opener-Policy same-origin always;
@ -82,7 +80,6 @@ server {
location ~ \.php$ { location ~ \.php$ {
add_header Referrer-Policy no-referrer always; add_header Referrer-Policy no-referrer always;
add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always; add_header Onion-Location http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion$request_uri always;
add_header Expect-CT "max-age=86400, enforce" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.2-fpm.sock; fastcgi_pass unix:/run/php/php8.2-fpm.sock;

18
etc/nginx/sites-enabled/mta-sts Normal file
View file

@ -0,0 +1,18 @@
server {
listen [::]:443 ssl http2;
server_name mta-sts.danwin1210.de;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
location / {
return 404;
}
location = /.well-known/mta-sts.txt {
default_type text/plain;
return 200 "version: STSv1
mode: enforce
mx: danwin1210.de
max_age: 86400
";
}
}

3
etc/nginx/sites-enabled/openpgpkey
View file

@ -1,6 +1,5 @@
server { server {
listen [::]:443 ssl proxy_protocol http2; listen [::]:443 ssl http2;
add_header Expect-CT "max-age=86400, enforce" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
root /var/www/html; root /var/www/html;
location / { location / {

2
etc/prosody/prosody.cfg.lua
View file

@ -247,7 +247,7 @@ contact_info = {
security = { "https://danwin1210.de/contact.php", "mailto:daniel@danwin1210.de" }; security = { "https://danwin1210.de/contact.php", "mailto:daniel@danwin1210.de" };
support = { "https://danwin1210.de/contact.php", "mailto:daniel@danwin1210.de" }; support = { "https://danwin1210.de/contact.php", "mailto:daniel@danwin1210.de" };
} }
data_path = "/srv/var/lib/prosody" data_path = "/var/lib/prosody"
legacy_ssl_ports = {5223} legacy_ssl_ports = {5223}
external_services = { external_services = {
{ {