m

volumes/conf.d/code.zinomedia.de.conf

@@ -12,17 +12,11 @@ server {
     ssl_certificate /etc/letsencrypt/live/code.zinomedia.de/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/code.zinomedia.de/privkey.pem;
 
-    # SSL Optimizations
+    include "snippets/ssl-optimizations.conf";
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_session_cache shared:SSL:10m;
-    ssl_session_timeout 10m;
-    ssl_prefer_server_ciphers on;
-
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always;
-
     include "snippets/enable-vouch.conf";
 
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:;" always;
+
     location / {
         resolver 127.0.0.11;
         set $upstream "http://code-server:8443";

volumes/conf.d/vouch.armos.zinomedia.de.conf

@@ -22,7 +22,6 @@ server {
     location / {
         resolver 127.0.0.11;
         set $upstream "http://vouch:9090";
-        #proxy_set_header Host $http_host;
         proxy_pass $upstream;
     }
 }

volumes/snippets/ssl-optimizations.conf

@@ -0,0 +1,5 @@
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;