|
|
@@ -1,19 +1,33 @@
|
|
|
{
|
|
|
- # LetsEncrypt account
|
|
|
- email YOUR_EMAIL
|
|
|
+ # LetsEncrypt account
|
|
|
+ email YOUR_EMAIL
|
|
|
}
|
|
|
|
|
|
# Dashboard
|
|
|
https://dashboard.NETMAKER_BASE_DOMAIN {
|
|
|
- reverse_proxy http://127.0.0.1:8082
|
|
|
+ # Apply basic security headers
|
|
|
+ header {
|
|
|
+ # Enable HTTP Strict Transport Security (HSTS)
|
|
|
+ Strict-Transport-Security "max-age=31536000;"
|
|
|
+ # Enable cross-site filter (XSS) and tell browser to block detected attacks
|
|
|
+ X-XSS-Protection "1; mode=block"
|
|
|
+ # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
|
|
|
+ X-Frame-Options "SAMEORIGIN"
|
|
|
+ # Prevent search engines from indexing
|
|
|
+ X-Robots-Tag "none"
|
|
|
+ # Remove the server name
|
|
|
+ -Server
|
|
|
+ }
|
|
|
+
|
|
|
+ reverse_proxy http://127.0.0.1:8082
|
|
|
}
|
|
|
|
|
|
# API
|
|
|
https://api.NETMAKER_BASE_DOMAIN {
|
|
|
- reverse_proxy http://127.0.0.1:8081
|
|
|
+ reverse_proxy http://127.0.0.1:8081
|
|
|
}
|
|
|
|
|
|
# gRPC
|
|
|
https://grpc.NETMAKER_BASE_DOMAIN {
|
|
|
- reverse_proxy h2c://127.0.0.1:50051
|
|
|
-}
|
|
|
+ reverse_proxy h2c://127.0.0.1:50051
|
|
|
+}
|
dcarns