Mercurial > repos > other > Puppet

view modules/website/templates/https_core_conf.erb @ 400:f354100b688a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Switch to Ubuntu-standard PHP FPM socket dir Ubuntu puts /tmp and /run on tmpfs, which gets wiped each reboot. While these directories *can* be nuked, they aren't on other platforms. Using the old paths, Puppet had to recreate the directory each boot. Using the new paths, Ubuntu handles creation within the systemd config. CentOS should just create once, migrate and work.
author IBBoard <dev@ibboard.co.uk>
date Wed, 20 Apr 2022 19:11:39 +0100
parents c68883dde00b
children
line wrap: on
line source

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
<%- if @csp -%>
Header always set Content-Security-Policy "upgrade-insecure-requests; <%= @csp_string %>"
<%- end -%>
<%- if @csp_report -%>
Header always set Content-Security-Policy-Report-Only "<%= @csp_report_string %>"
<%- end -%>
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Feature-Policy "interest-cohort 'none'; accelerometer 'none'; autoplay 'none'; battery 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none';"
Header always set Permissions-Policy "interest-cohort=(); accelerometer=(); autoplay=(); battery=(); camera=(); geolocation=(); gyroscope=(); magnetometer=(); microphone=(); payment=(); usb=();"

<If "%{HTTP_HOST} != '<%= @primary_name %>'">
	Redirect permanent "/" "https://<%= @primary_name %>/"
</If>