admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated docs for nginx config with working values

Browse Source
This commit is contained in:
John Cardinal
2022-03-18 20:57:05 +00:00
parent 198a65fe67
commit 29e0ee962f
2 changed files with 23 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
devdocs/todo.txt
View File

@@ -1,8 +1,10 @@
# now # now
proper most secure nginx settings for all ayanova installs?
keepass proper way to use and how to split for security etc?
trialing plan for setting up server, do we charge? how much, what questions do we need answered to set up droplet trialing plan for setting up server, do we charge? how much, what questions do we need answered to set up droplet
can a site be in a sufolder so I don't need a domain name or key, just hang them all off helloayanova.com/s/siteb? can a site be in a sufolder so I don't need a domain name or key, just hang them all off helloayanova.com/s/siteb?
proxy if path? proxy if path? https://stackoverflow.com/questions/26449466/nginx-proxy-pass-to-a-directory
Key name and passphrase to unlock it Key name and passphrase to unlock it
@@ -196,6 +198,8 @@ todo: 2 or 3 category team view color based on user color?
todo: 2 create workorder, quote, pm from customer record?? todo: 2 create workorder, quote, pm from customer record??
was that a v7 feature? make it so? v.next? was that a v7 feature? make it so? v.next?
todo: 2/3 cant' use CSP with ayanova without opening it up considerably and allowing unsafe-inline
sounds like it's theoretically possible to work but the fontawesome fonts would need to be static or something and styles would need a nonce and etc
todo:3 profiler page has columns: Request Start Response Start Dom Complete which are all empty, somethjing new added that needs to be disabled maybe?? todo:3 profiler page has columns: Request Start Response Start Dom Complete which are all empty, somethjing new added that needs to be disabled maybe??

17
docs/8.0/ayanova/docs/ops-install-linux-server.md
View File

@@ -379,6 +379,12 @@ If you are already using NGINX for other services then a site configuration file
server { server {
server_name ayanova.example.com www.ayanova.example.com; server_name ayanova.example.com www.ayanova.example.com;
location / { location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "strict-origin" always;
proxy_pass http://127.0.0.1:7575; proxy_pass http://127.0.0.1:7575;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
@@ -434,6 +440,12 @@ server {
listen 80; listen 80;
#server_name ayanova.example.com; #server_name ayanova.example.com;
location / { location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "strict-origin" always;
proxy_pass http://127.0.0.1:7575; proxy_pass http://127.0.0.1:7575;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
@@ -519,6 +531,11 @@ The NGINX default config file will now have new entries looking something like t
server { server {
server_name ayanova.example.com; server_name ayanova.example.com;
location / { location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "strict-origin" always;
proxy_pass http://127.0.0.1:7575; proxy_pass http://127.0.0.1:7575;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;