2 files changed, 7 insertions, 0 deletions

diff --git a/TODO b/TODO
index 0ea968e..ea1357f 100644
--- a/TODO
+++ b/TODO
@@ -3,6 +3,8 @@
     https://issues.mediagoblin.org/ticket/5441
 - automate SSL with let's encrypt
     https://community.letsencrypt.org/t/howto-certificate-renewal-with-ansible/10214
+- docs for postfix+dovecot let's encrypt setup
+    https://ssl-tools.net/mailservers/
 - nginx default config: gzip, sendfile, autoindex, etc
 - email...
 - unattended updates: maybe create new file instead of overwriting?
diff --git a/roles/nginx/HOWTO_new_site.txt b/roles/nginx/HOWTO_new_site.txt
index 8126739..1834e93 100644
--- a/roles/nginx/HOWTO_new_site.txt
+++ b/roles/nginx/HOWTO_new_site.txt
@@ -48,3 +48,8 @@ For SSL stuff, add this to the body:
      # Enable STS with one year period (breaks http; optional)
      #add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
 
+If your site is going to have inline Javascript (pretty common), you might need
+to swith the Content-Security-Policy line to:
+
+     add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
+