Commit fc691d81 authored by kaiyou's avatar kaiyou

Enable HSTS and xss browser protection everywhere

parent df545e35
......@@ -16,6 +16,10 @@ services:
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname}
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./conf:/var/www/html/config
- ./files:/data
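Review bot: `STSSeconds=315360000` tells every browser that reaches this host over TLS to refuse plain HTTP for ten years, and neither this hunk nor the others that repeat the same four labels shows an HTTP-to-HTTPS redirect or a shorter trial value. If the redirect is not already enforced at the Traefik entrypoint, add `- traefik.frontend.headers.SSLRedirect=true` next to it. For a first rollout a value such as `STSSeconds=86400` is easier to back out of before raising it to the final figure. The service definition starts above the hunk, so the entrypoint configuration cannot be checked from here.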
......
......@@ -16,8 +16,12 @@ services:
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname}
- traefik.frontend.contentSecurityPolicy=default-src 'self'; style-src 'self' 'unsafe-inline'
- traefik.port=8081
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
- traefik.frontend.headers.contentSecurityPolicy=default-src 'self'; style-src 'self' 'unsafe-inline'
ports:
- "${ipv4}:53:53/udp"
- "${ipv4}:53:53"
......@@ -46,6 +50,10 @@ services:
- traefik.enable=true
- traefik.frontend.rule=Host:${admin}
- traefik.port=9191
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./admin:/data
environment:
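Review bot: The service on `traefik.port=8081` in the first hunk of this file is the only one in the commit that ends up with a Content-Security-Policy, so everywhere else the XSS protection named in the commit title rests on `browserXSSFilter=true`. That label only emits the legacy `X-XSS-Protection` header, which current browsers no longer act on, so a per-service `traefik.frontend.headers.contentSecurityPolicy=...` is the control that actually limits script injection. The policy that is set allows `'unsafe-inline'` styles and has no `base-uri` or `form-action` directive, neither of which falls back to `default-src`. A comment such as `# style-src 'unsafe-inline' needed by <component>` would record why the exception exists. `traefik.frontend.headers.contentTypeNosniff=true` is also absent from the labels added across the commit.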
......
......@@ -7,6 +7,10 @@ services:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname}
- traefik.port=8081
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./data:/zones
ports:
......
......@@ -28,6 +28,9 @@ services:
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname}
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./start.sh:/start.sh
- ./data:/var/www/onlyoffice/Data
......@@ -50,3 +53,4 @@ networks:
- subnet: "${prefix}/64"
gateway: "${prefix}1"
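Review bot: `frameDeny` is left out of the labels in the first hunk of this file, and also for the `Host:${hostnames}` service and the `traefik.port=9001` service later in the commit, with nothing on the page saying why. If these services must be embeddable, say so next to the labels, e.g. `# frameDeny omitted: embedded in iframes by <embedding host>`. In that case `traefik.frontend.headers.customFrameOptionsValue=SAMEORIGIN` or a CSP `frame-ancestors` list would limit framing to the hosts that need it instead of leaving it open to any origin. If the omission was unintentional, add `- traefik.frontend.headers.frameDeny=true` as in the other services.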
......@@ -17,6 +17,10 @@ services:
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname}
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./plugins:/var/www/html/plugins.local
environment:
......
......@@ -9,6 +9,10 @@ services:
- traefik.gitlab.port=80
- traefik.ci.frontend.rule=Host:${ci}
- traefik.ci.port=8123
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./data:/var/opt/gitlab
- ./conf:/etc/gitlab
......
......@@ -6,6 +6,10 @@ services:
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname}
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./data:/data
environment:
......@@ -16,6 +20,10 @@ services:
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname};PathPrefix:/images/,/thumbs/
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./old:/usr/share/nginx/html
......
......@@ -24,6 +24,10 @@ services:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname}
- traefik.port=3000
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
streaming:
image: tootsuite/mastodon:${version}
......
......@@ -7,6 +7,10 @@ services:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname};PathPrefix:/_matrix/
- traefik.port=8008
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./data:/data
ports:
......@@ -32,6 +36,10 @@ services:
- traefik.enable=true
- traefik.frontend.rule=Host:${riot}
- traefik.port=8000
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./riot:/data
......
......@@ -7,6 +7,10 @@ services:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname}
- traefik.port=80
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
ports:
- "${ipv4}:10000:10000/udp"
- "${ipv6}:10000:10000/udp"
......
......@@ -6,6 +6,9 @@ services:
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostnames}
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./nginx.conf:/etc/nginx/conf.d/nginx.conf
- ./data:/var/www
......
......@@ -5,8 +5,12 @@ services:
image: docker.tedomum.net/tedomum/prismo
labels:
- traefik.enable=true
- traefik.gitlab.frontend.rule=Host:${hostname}
- traefik.gitlab.port=3000
- traefik.frontend.rule=Host:${hostname}
- traefik.port=3000
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
command: bash -c "rm -f /prismo/tmp/pids/server.pid; bundle exec rails s -p 3000 -b '0.0.0.0'"
depends_on:
- db
......
......@@ -8,7 +8,9 @@ services:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname}
- traefik.port=9001
- traefik.network.default=front_default
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
environment:
- ETHERPAD_DB_HOST=db
- ETHERPAD_DB_USER=${MYSQL_USER}
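Review bot: The hunk header (`-8,7 +8,9`) accounts for one dropped line next to the three added headers, which appears to be `traefik.network.default=front_default`; the following file (`-6,7 +6,10`) looks the same. That change is unrelated to the commit subject and is not mentioned in it. If these containers are attached to more than one Docker network, Traefik needs `- traefik.docker.network=front_default` to pick the backend address on the proxy network. Otherwise a line in the commit message saying the old label had no effect would be enough. The service definition starts above the hunk, so its `networks:` list is not visible here.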
......
......@@ -6,7 +6,10 @@ services:
labels:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname}
- traefik.network.default=front_default
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
env_file:
- ./.env
volumes:
......
......@@ -7,6 +7,10 @@ services:
- traefik.enable=true
- traefik.frontend.rule=Host:${hostname}
- traefik.port=9000
- traefik.frontend.headers.STSSeconds=315360000
- traefik.frontend.headers.frameDeny=true
- traefik.frontend.headers.browserXSSFilter=true
- traefik.frontend.headers.customResponseHeaders=Server:www||X-Powered-By:www
volumes:
- ./data:/data
environment:
......