From: Shane Jaroch
Date: Wed, 21 Jan 2026 20:58:50 +0000 (-0500)
Subject: attach stats report on each request; nginx safety headers
X-Git-Url: https://git.nutra.tk/v2?a=commitdiff_plain;h=9176934914ad90d6788b603989fa1d487edb823c;p=nutratech%2Fvps-root.git
attach stats report on each request; nginx safety headers
---
diff --git a/etc/nginx/conf.d/default.dev.conf b/etc/nginx/conf.d/default.dev.conf
index d3bd2e9..306a747 100644
--- a/etc/nginx/conf.d/default.dev.conf
+++ b/etc/nginx/conf.d/default.dev.conf
@@ -91,8 +91,6 @@ server {
# Advertise HTTP/3 availability
add_header Alt-Svc 'h3=":443"; ma=86400' always;
- client_max_body_size 50m;
-
# HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
@@ -100,6 +98,16 @@ server {
#ssl_stapling on;
#ssl_stapling_verify on;
+ # Other headers
+ add_header X-Frame-Options "SAMEORIGIN" always; # Prevent clickjacking & iframe embedding
+ add_header X-XSS-Protection "1; mode=block" always; # Legacy protection
+ add_header X-Content-Type-Options "nosniff" always; # Prevent MIME-type sniffing
+ # CSP policy (prevents XSS attacks)
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'" always;
+
+ client_max_body_size 50m;
+ add_header X-Request-Time $request_time always;
+
# Services Map (Homepage)
root /var/www;
index homepage.html;
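Review bot: The `Content-Security-Policy` line allows `'unsafe-inline'` in `script-src`, which means any script an attacker manages to inject inline still executes, so the comment `# CSP policy (prevents XSS attacks)` promises more than the policy delivers; either serve inline scripts from `'self'` files (or nonces/hashes) and drop `'unsafe-inline'`, or reword the comment to `# CSP policy (baseline; 'unsafe-inline' still permits injected inline scripts)`. A second caveat worth a comment next to `# Other headers`: nginx `add_header` is inherited by a `location` block only if that location declares no `add_header` of its own, so if any location in this server (not visible in the hunk) sets one, none of these headers reach responses from it. `X-XSS-Protection "1; mode=block"` is ignored by current browsers and current guidance is to send `0` or omit it, though the `# Legacy protection` comment already flags it as such. The same added lines appear in the default.prod.conf hunk below, so any change here should be mirrored there. The enclosing `server` block starts and ends outside the hunk.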
diff --git a/etc/nginx/conf.d/default.prod.conf b/etc/nginx/conf.d/default.prod.conf
index 0af80c0..64bd94d 100644
--- a/etc/nginx/conf.d/default.prod.conf
+++ b/etc/nginx/conf.d/default.prod.conf
@@ -100,15 +100,24 @@ server {
# Advertise HTTP/3 availability
add_header Alt-Svc 'h3=":443"; ma=86400' always;
- client_max_body_size 50m;
-
# HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+ add_header X-Request-Time $request_time always;
ssl_trusted_certificate /etc/ssl/private/ca-certs.pem;
# OCSP stapling (NOTE: Responders disabled by letsencrypt as of Q3 2025)
#ssl_stapling on;
#ssl_stapling_verify on;
+ # Other headers
+ add_header X-Frame-Options "SAMEORIGIN" always; # Prevent clickjacking & iframe embedding
+ add_header X-XSS-Protection "1; mode=block" always; # Legacy protection
+ add_header X-Content-Type-Options "nosniff" always; # Prevent MIME-type sniffing
+ # CSP policy (prevents XSS attacks)
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'" always;
+
+ client_max_body_size 50m;
+ add_header X-Request-Time $request_time always;
+
# Services Map (Homepage)
root /var/www;
index homepage.html;
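Review bot: `add_header X-Request-Time $request_time always;` is added twice in this hunk, once directly after the Strict-Transport-Security line and again after `client_max_body_size 50m;`, so every response from this server block will carry two X-Request-Time headers; the dev config only has the second placement, which suggests the first is the stray one and should be removed. Sending `$request_time` to every client also discloses server-side processing time for each request; if the value is only needed by the services-map page, scoping the `add_header` to that location rather than the whole server would limit what is exposed. The enclosing `server` block starts and ends outside the hunk.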
diff --git a/scripts/gen_services_map.py b/scripts/gen_services_map.py
index c8bcf3c..70265a6 100755
--- a/scripts/gen_services_map.py
+++ b/scripts/gen_services_map.py
@@ -38,8 +38,22 @@ HTML_TEMPLATE = """
Built: {build_time} | Services: {service_count}
Nginx: v |
Served: |
- Request:
+ Request: |
+ Latency: ...
+