Hardening server
parent
f6292ba4c8
commit
63009e5e54
|
@ -14,6 +14,7 @@ services:
|
|||
networks:
|
||||
matrix_server:
|
||||
ipv4_address: 10.10.10.4
|
||||
matrix_db:
|
||||
ports:
|
||||
- 8008:8008
|
||||
|
||||
|
@ -27,8 +28,7 @@ services:
|
|||
volumes:
|
||||
- ./db:/var/lib/postgresql/data
|
||||
networks:
|
||||
matrix_server:
|
||||
ipv4_address: 10.10.10.2
|
||||
matrix_db:
|
||||
|
||||
element:
|
||||
image: vectorim/element-web:latest
|
||||
|
@ -70,6 +70,7 @@ services:
|
|||
networks:
|
||||
matrix_server:
|
||||
ipv4_address: 10.10.10.7
|
||||
matrix_db:
|
||||
depends_on:
|
||||
- synapse
|
||||
|
||||
|
@ -102,3 +103,5 @@ services:
|
|||
networks:
|
||||
matrix_server:
|
||||
external: true
|
||||
matrix_db:
|
||||
external: false
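Review bot: The `matrix_db` entry in the top-level `networks:` block is declared `external: false`, so Compose creates its own project-scoped bridge for it instead of attaching to the network the install script creates with `docker network create ... --internal matrix_db`; that Compose-managed network is not internal unless the file says so, which would leave the Postgres container with an ordinary outbound route. Either reference the pre-created network with `external: true`, as `matrix_server` does, or keep it Compose-managed, add `internal: true` under `matrix_db:` and drop the script's create call. The service at 10.10.10.7 is also joined to `matrix_db` in the third hunk; if it only talks to synapse, as its `depends_on` suggests, it should stay off the database network so that synapse is the only peer that can reach Postgres. A comment such as `# internal-only network: synapse <-> postgres, no egress` above `matrix_db:` would record the intent.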
|
||||
|
|
|
@ -85,6 +85,7 @@ apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker
|
|||
echo -e "Create docker network\n"
|
||||
|
||||
docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_server
|
||||
docker network create --driver=bridge --subnet=10.100.0.0/24 --gateway=10.100.0.1 --internal matrix_db
|
||||
|
||||
# Randomly pick a DB password
|
||||
PG_PASS=$(pwgen -s 28 -1)
|
||||
|
@ -147,6 +148,11 @@ server {
|
|||
listen 80;
|
||||
server_name ${DOMAIN};
|
||||
|
||||
# Hardening
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
|
||||
add_header Content-Security-Policy "default-src 'self' ${DOMAIN} http: https: data: blob: 'unsafe-inline' 'unsafe-eval'" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
|
||||
location /.well-known/matrix/client {
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
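Review bot: The added Content-Security-Policy restricts very little: `default-src` lists the bare schemes `http:` and `https:` together with `'unsafe-inline'` and `'unsafe-eval'`, so script from any origin and inline script both stay allowed. Narrow it to the sources the web client actually needs (removing the scheme wildcards first), and add `frame-ancestors 'self'`, since X-Frame-Options is the legacy form of that control. Two placement issues weaken the other headers: nginx does not inherit server-level `add_header` into a location that sets its own, so `/.well-known/matrix/client` (which sets `Access-Control-Allow-Origin`) is served without them, and browsers ignore Strict-Transport-Security received over plain HTTP, so in this `listen 80` block it only takes effect if TLS is added to the same block later. Give the HSTS and X-Frame-Options lines the `always` flag that the CSP line already has, e.g. `add_header X-Frame-Options "SAMEORIGIN" always;`. The server block starts before this hunk and continues past it.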
|
||||
|
|