From 91987eebdc42f3bcaf7f27e00ac618d1e6150721 Mon Sep 17 00:00:00 2001
From: Arthur Lu <root@tronnet.net>
Date: Sat, 13 May 2023 06:03:54 +0000
Subject: [PATCH] add security headers

---
 nginx.conf      |  1 -
 ssl-params.conf | 14 ++++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/nginx.conf b/nginx.conf
index 0810752..8aa8975 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,6 +1,5 @@
 user nginx;
 worker_processes auto;
-pid /run/nginx.pid;
 events {
 	worker_connections 768;
 }
diff --git a/ssl-params.conf b/ssl-params.conf
index af97e4c..27dbb0b 100644
--- a/ssl-params.conf
+++ b/ssl-params.conf
@@ -14,3 +14,17 @@ ssl_dhparam /etc/ssl/certs/dhparam.pem;
 # ssl cert paths
 ssl_certificate /etc/letsencrypt/live/tronnet.net/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/tronnet.net/privkey.pem;
+
+proxy_hide_header X-Powered-By;
+proxy_hide_header X-Frame-Options;
+add_header X-Frame-Options DENY;
+proxy_hide_header X-XSS-Protection;
+add_header X-XSS-Protection 0;
+proxy_hide_header X-Content-Type-Options;
+add_header X-Content-Type-Options nosniff;
+proxy_hide_header Referrer-Policy;
+add_header Referrer-Policy strict-origin-when-cross-origin;
+proxy_hide_header Strict-Transport-Security;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+proxy_hide_header Access-Control-Allow-Origin; 
+add_header Access-Control-Allow-Origin https://tronnet.net;