author bnewbold <bnewbold@robocracy.org> 2016-06-11 18:46:04 -0400
committer bnewbold <bnewbold@robocracy.org> 2016-06-11 18:46:04 -0400
commit 90b6400c511ad214c58abb3127a2e96ae6c1ae24 (patch)
tree 2b892847cbb1afb46febdd5ba4fc97baca19d99c
parent 06c543126a2666d6793523332c1319f5061ff8a6 (diff)
TODO
-rw-r--r-- TODO 2
-rw-r--r-- roles/nginx/HOWTO_new_site.txt 5
2 files changed, 7 insertions, 0 deletions
diff --git a/TODO b/TODO
index 0ea968e..ea1357f 100644
--- a/TODO
+++ b/TODO
@@ -3,6 +3,8 @@
https://issues.mediagoblin.org/ticket/5441
- automate SSL with let's encrypt
https://community.letsencrypt.org/t/howto-certificate-renewal-with-ansible/10214
+- docs for postfix+dovecot let's encrypt setup
+ https://ssl-tools.net/mailservers/
- nginx default config: gzip, sendfile, autoindex, etc
- email...
- unattended updates: maybe create new file instead of overwriting?
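Review bot: the new TODO entry links https://ssl-tools.net/mailservers/ without saying what the link is for; state in the entry whether it is the reference for the setup itself or the check to run once postfix and dovecot are configured. Since the item directly above is about automating Let's Encrypt renewal, the planned docs should also cover reloading postfix and dovecot after a renewal so both daemons pick up the new certificate.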
diff --git a/roles/nginx/HOWTO_new_site.txt b/roles/nginx/HOWTO_new_site.txt
index 8126739..1834e93 100644
--- a/roles/nginx/HOWTO_new_site.txt
+++ b/roles/nginx/HOWTO_new_site.txt
@@ -48,3 +48,8 @@ For SSL stuff, add this to the body:
# Enable STS with one year period (breaks http; optional)
#add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
+If your site is going to have inline Javascript (pretty common), you might need
+to swith the Content-Security-Policy line to:
+
+ add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
+
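Review bot: the suggested add_header line puts 'unsafe-inline' and 'unsafe-eval' in default-src, which lets any injected inline script or eval() call run, so the policy stops limiting XSS on a site that adopts it. Inline JavaScript only needs 'unsafe-inline', so drop 'unsafe-eval' unless the site really calls eval, and scope the relaxation to scripts, for example "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'", or better, point readers at nonces or hashes for the inline blocks. The HOWTO text should say what protection is being traded away, and "swith" in the sentence above the header should read "switch".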