From 2b8fdcc6cd5555d38b3cd0160251ac040046b41e Mon Sep 17 00:00:00 2001 From: plowsof <77655812+plowsof@users.noreply.github.com> Date: Fri, 30 Aug 2024 00:29:10 +0100 Subject: [PATCH 1/2] Dockerfile_coolify: add Onion-Location header Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> --- Dockerfile_coolify | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile_coolify b/Dockerfile_coolify index 0eb590b..c715547 100644 --- a/Dockerfile_coolify +++ b/Dockerfile_coolify @@ -15,6 +15,7 @@ COPY --from=builder /monero-docs/public /usr/share/nginx/html # Inline Nginx configuration RUN echo 'server { \ listen 80; \ + add_header Onion-Location http://xmrdoc6phnvjbf5hmjbwdfu47zavzfngymlnwhs2gyxxpxmad4c65kyd.onion$request_uri; \ root /usr/share/nginx/html; \ index index.html index.htm; \ error_page 404 /404.html; \ From 543f332da11e8e77b6150c0ab198ea812747e26f Mon Sep 17 00:00:00 2001 From: plowsof Date: Fri, 30 Aug 2024 11:25:16 +0100 Subject: [PATCH 2/2] Dockerfile_coolify: Added security and privacy-focused HTTP headers - Implemented various HTTP headers to enhance security and privacy Full credit to featherwallet.org for the header configuration + inspiration. --- Dockerfile_coolify | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Dockerfile_coolify b/Dockerfile_coolify index c715547..b6b0e67 100644 --- a/Dockerfile_coolify +++ b/Dockerfile_coolify @@ -16,6 +16,12 @@ COPY --from=builder /monero-docs/public /usr/share/nginx/html RUN echo 'server { \ listen 80; \ add_header Onion-Location http://xmrdoc6phnvjbf5hmjbwdfu47zavzfngymlnwhs2gyxxpxmad4c65kyd.onion$request_uri; \ + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; \ + add_header Referrer-Policy "no-referrer"; \ + add_header X-XSS-Protection "0"; \ + add_header X-Frame-Options "DENY"; \ + add_header X-Content-Type-Options "nosniff"; \ + add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()"; \ root /usr/share/nginx/html; \ index index.html index.htm; \ error_page 404 /404.html; \