Merge pull request #124 from appleboy/patch-3

fix format.
This commit is contained in:
Andy Dawson 2016-01-29 21:10:25 +01:00
commit 740ba774f5
7 changed files with 18 additions and 18 deletions

View File

@ -1,15 +1,15 @@
# The X-Frame-Options header indicates whether a browser should be allowed # The X-Frame-Options header indicates whether a browser should be allowed
# to render a page within a frame or iframe. # to render a page within a frame or iframe.
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
# MIME type sniffing security protection # MIME type sniffing security protection
# There are very few edge cases where you wouldn't want this enabled. # There are very few edge cases where you wouldn't want this enabled.
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
# The X-XSS-Protection header is used by Internet Explorer version 8+ # The X-XSS-Protection header is used by Internet Explorer version 8+
# The header instructs IE to enable its inbuilt anti-cross-site scripting filter. # The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
# with Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy), # with Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy),
# you can tell the browser that it can only download content from the domains you explicitly allow # you can tell the browser that it can only download content from the domains you explicitly allow
# CSP can be quite difficult to configure, and cause real issues if you get it wrong # CSP can be quite difficult to configure, and cause real issues if you get it wrong

View File

@ -1,7 +1,7 @@
# Nginx's spdy module is compiled by default from 1.6 # Nginx's spdy module is compiled by default from 1.6
# SPDY only works on HTTPS connections # SPDY only works on HTTPS connections
# Inform browser of SPDY availability # Inform browser of SPDY availability
add_header Alternate-Protocol 443:npn-spdy/3; add_header Alternate-Protocol 443:npn-spdy/3;
# Adjust connection keepalive for SPDY clients: # Adjust connection keepalive for SPDY clients:

View File

@ -3,7 +3,7 @@ ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
#trusted cert must be made up of your intermediate certificate followed by root certificate #trusted cert must be made up of your intermediate certificate followed by root certificate
#ssl_trusted_certificate /path/to/ca.crt; #ssl_trusted_certificate /path/to/ca.crt;
resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s; resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
resolver_timeout 2s; resolver_timeout 2s;

View File

@ -6,5 +6,5 @@
# This is not included by default, because it'd be better if you use the build # This is not included by default, because it'd be better if you use the build
# script to manage the file names. # script to manage the file names.
location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ { location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ {
try_files $uri $1.$2; try_files $uri $1.$2;
} }

View File

@ -1,13 +1,13 @@
# Cross domain webfont access # Cross domain webfont access
location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ { location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
include h5bp/directive-only/cross-domain-insecure.conf; include h5bp/directive-only/cross-domain-insecure.conf;
# Also, set cache rules for webfonts. # Also, set cache rules for webfonts.
# #
# See http://wiki.nginx.org/HttpCoreModule#location # See http://wiki.nginx.org/HttpCoreModule#location
# And https://github.com/h5bp/server-configs/issues/85 # And https://github.com/h5bp/server-configs/issues/85
# And https://github.com/h5bp/server-configs/issues/86 # And https://github.com/h5bp/server-configs/issues/86
expires 1M; expires 1M;
access_log off; access_log off;
add_header Cache-Control "public"; add_header Cache-Control "public";
} }

View File

@ -4,10 +4,10 @@
# https://www.mnot.net/blog/2010/04/07/well-known # https://www.mnot.net/blog/2010/04/07/well-known
# https://tools.ietf.org/html/rfc5785 # https://tools.ietf.org/html/rfc5785
location ~* /\.(?!well-known\/) { location ~* /\.(?!well-known\/) {
deny all; deny all;
} }
# Prevent clients from accessing to backup/config/source files # Prevent clients from accessing to backup/config/source files
location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ { location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
deny all; deny all;
} }

View File

@ -57,7 +57,7 @@ http {
# Speed up file transfers by using sendfile() to copy directly # Speed up file transfers by using sendfile() to copy directly
# between descriptors rather than using read()/write(). # between descriptors rather than using read()/write().
# For performance reasons, on FreeBSD systems w/ ZFS # For performance reasons, on FreeBSD systems w/ ZFS
# this option should be disabled as ZFS's ARC caches # this option should be disabled as ZFS's ARC caches
# frequently used files in RAM by default. # frequently used files in RAM by default.
sendfile on; sendfile on;