23 lines
661 B
Nix
23 lines
661 B
Nix
{config, ...}: {
|
|
networking.firewall.allowedTCPPorts = [
|
|
config.services.nginx.defaultHTTPListenPort
|
|
config.services.nginx.defaultSSLListenPort
|
|
];
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
commonHttpConfig = ''
|
|
map $scheme $hsts_header {
|
|
https "max-age=31536000";
|
|
}
|
|
add_header Strict-Transport-Security $hsts_header;
|
|
|
|
add_header Referrer-Policy strict-origin;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
'';
|
|
};
|
|
}
|