From fe20973cf05bcb0dc72ab8fd7510f2b7176b8f7f Mon Sep 17 00:00:00 2001
From: Administrator
Date: Wed, 31 Aug 2022 15:08:34 +0300
Subject: [PATCH 1/3] ssl
---
 nginx/nginx-dev/nginx-dev.conf | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/nginx/nginx-dev/nginx-dev.conf b/nginx/nginx-dev/nginx-dev.conf
index 7d9d20d..7340f89 100644
--- a/nginx/nginx-dev/nginx-dev.conf
+++ b/nginx/nginx-dev/nginx-dev.conf
@@ -31,9 +31,19 @@ http { } server {
- listen 80;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
 server_name battleship.develop.sprinthub.ru;
+ ssl_certificate /etc/nginx/fullchain.pem;
+ ssl_certificate_key /etc/nginx/privkey.pem;
+
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-refferer-when-downgrade" always;
+ add_header Content-Secure-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+
 location / { proxy_pass http://battleship-nginx:1236/; }
From 83de95bfde686c74dd4787d6881192c2d74f9a3d Mon Sep 17 00:00:00 2001
From: Administrator
Date: Wed, 31 Aug 2022 15:13:45 +0300
Subject: [PATCH 2/3] ssl
---
 .deploy/deploy-dev.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.deploy/deploy-dev.yaml b/.deploy/deploy-dev.yaml
index d5ce7e5..a95f28f 100644
--- a/.deploy/deploy-dev.yaml
+++ b/.deploy/deploy-dev.yaml
@@ -5,6 +5,7 @@ services:
 image: mathwave/sprint-repo:sprint-infra-nginx-dev
 ports:
 - "80:80"
+ - "443:443"
 networks:
 - battleship-nginx
 - sprint-nginx
From 71ade2d9f1eae1df2189da27f7f33dfc912f0275 Mon Sep 17 00:00:00 2001
From: Administrator
Date: Wed, 31 Aug 2022 18:32:40 +0300
Subject: [PATCH 3/3] ssl
---
 .deploy/deploy-prod.yaml | 1 +
 nginx/nginx-prod/Dockerfile | 4 +++-
 nginx/nginx-prod/nginx-prod.conf | 12 +++++++++++-
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/.deploy/deploy-prod.yaml b/.deploy/deploy-prod.yaml
index 8c27831..b7d5ef3 100644
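Review bot: Two of the added `add_header` lines in the nginx/nginx-dev/nginx-dev.conf hunk (PATCH 1/3) have no effect in browsers: `Content-Secure-Policy` is not a recognised header name (the header is `Content-Security-Policy`), and `no-refferer-when-downgrade` is not a valid Referrer-Policy token, so both are ignored. The lines should read `add_header Referrer-Policy "no-referrer-when-downgrade" always;` and `add_header Content-Security-Policy "..." always;`. Once the name is corrected, the value `default-src * data: 'unsafe-eval' 'unsafe-inline'` still allows any origin plus inline and eval'd script, so it restricts almost nothing; a narrower policy should be drafted against what the application actually loads. The same two lines are added in the nginx/nginx-prod/nginx-prod.conf hunk of PATCH 3/3. The `server` block continues outside the hunk.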
--- a/.deploy/deploy-prod.yaml
+++ b/.deploy/deploy-prod.yaml
@@ -5,6 +5,7 @@ services:
 image: mathwave/sprint-repo:sprint-infra-nginx-prod
 ports:
 - "80:80"
+ - "443:443"
 networks:
 - battleship-nginx
 - sprint-nginx
diff --git a/nginx/nginx-prod/Dockerfile b/nginx/nginx-prod/Dockerfile
index 28058c7..30f6009 100644
--- a/nginx/nginx-prod/Dockerfile
+++ b/nginx/nginx-prod/Dockerfile
@@ -1,2 +1,4 @@
 FROM nginx
-COPY ./nginx-prod.conf /etc/nginx/nginx.conf
\ No newline at end of file
+COPY ./nginx-prod.conf /etc/nginx/nginx.conf
+COPY ./privkey.pem /etc/nginx/privkey.pem
+COPY ./fullchain.pem /etc/nginx/fullchain.pem
\ No newline at end of file
diff --git a/nginx/nginx-prod/nginx-prod.conf b/nginx/nginx-prod/nginx-prod.conf
index 20edfce..dede5ac 100644
--- a/nginx/nginx-prod/nginx-prod.conf
+++ b/nginx/nginx-prod/nginx-prod.conf
@@ -40,9 +40,19 @@ http { } server {
- listen 80;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
 server_name battleship.sprinthub.ru;
+ ssl_certificate /etc/nginx/fullchain.pem;
+ ssl_certificate_key /etc/nginx/privkey.pem;
+
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Referrer-Policy "no-refferer-when-downgrade" always;
+ add_header Content-Secure-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
+
 location / { proxy_pass http://battleship-nginx:1236/; }
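Review bot: `COPY ./privkey.pem /etc/nginx/privkey.pem` in nginx/nginx-prod/Dockerfile bakes the TLS private key into an image layer, so anyone who can pull the resulting image can read the key, and deleting the file in a later layer would not remove it. It also means the key has to sit in the build context beside the Dockerfile; whether it is committed is not visible here. Keep the key out of the image and supply it at run time instead, for example as a read-only bind mount or a Compose secret declared in .deploy/deploy-prod.yaml and mounted at the path `ssl_certificate_key` expects. If an image containing this key has already been pushed, treat the key as exposed and reissue the certificate with a new one.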
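Review bot: Replacing `listen 80;` with the two 443 listeners in nginx/nginx-prod/nginx-prod.conf leaves no plain-HTTP handling for `battleship.sprinthub.ru` within this hunk, while .deploy/deploy-prod.yaml still publishes `"80:80"`. A request to the http:// URL would then be answered by whichever server block is the default on port 80 rather than being redirected. Consider a companion block such as `server { listen 80; server_name battleship.sprinthub.ru; return 301 https://$host$request_uri; }` and, once HTTPS is confirmed working, `add_header Strict-Transport-Security "max-age=31536000" always;` in the TLS block. The same applies to the nginx-dev.conf hunk in PATCH 1/3. Other server blocks lie outside the hunk, so a redirect may already exist elsewhere in the file.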