zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-29 08:50:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

Some more security instructions

Browse source
This commit is contained in:
Pinga 2023-12-01 22:20:05 +02:00
parent 67c5a85bc4
commit 1faf7ed686
1 changed files with 38 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

41
docs/install.md
View file

@ -12,7 +12,7 @@ apt update && apt upgrade
apt install -y bzip2 caddy composer curl gettext git gnupg2 net-tools php8.2 php8.2-bcmath php8.2-cli php8.2-common php8.2-curl php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-imap php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-swoole php8.2-xml pv unzip wget whois apt install -y bzip2 caddy composer curl gettext git gnupg2 net-tools php8.2 php8.2-bcmath php8.2-cli php8.2-common php8.2-curl php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-imap php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-swoole php8.2-xml pv unzip wget whois
``` ```
### Configure OPcache ### Configure PHP
Edit the PHP Configuration Files: Edit the PHP Configuration Files:
@ -21,16 +21,21 @@ nano /etc/php/8.2/cli/php.ini
nano /etc/php/8.2/fpm/php.ini nano /etc/php/8.2/fpm/php.ini
``` ```
Locate or add these lines in ```php.ini```: Locate or add these lines in ```php.ini```, also replace ```example.com``` with your registry domain name:
```bash ```bash
opcache.enable=1 opcache.enable=1
opcache.enable_cli=1 opcache.enable_cli=1
opcache.jit_buffer_size=100M opcache.jit_buffer_size=100M
opcache.jit=1255 opcache.jit=1255
session.cookie_secure = 1
session.cookie_httponly = 1
session.cookie_samesite = "Strict"
session.cookie_domain = example.com
``` ```
After configuring OPcache and JIT, restart the PHP service to apply changes: After configuring PHP, restart the service to apply changes:
```bash ```bash
systemctl restart php8.2-fpm systemctl restart php8.2-fpm
@ -96,6 +101,16 @@ rdap.example.com {
encode gzip encode gzip
file_server file_server
tls your-email@example.com tls your-email@example.com
header * {
Referrer-Policy "no-referrer"
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-XSS-Protection "1; mode=block"
Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; form-action 'self'; worker-src 'none'; frame-src 'none';"
Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';"
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();
}
} }
whois.example.com { whois.example.com {
@ -105,6 +120,16 @@ whois.example.com {
php_fastcgi unix//run/php/php8.2-fpm.sock php_fastcgi unix//run/php/php8.2-fpm.sock
file_server file_server
tls your-email@example.com tls your-email@example.com
header * {
Referrer-Policy "no-referrer"
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-XSS-Protection "1; mode=block"
Content-Security-Policy: default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; script-src 'none'; form-action 'self'; worker-src 'none'; frame-src 'none';
Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';"
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();
}
} }
cp.example.com { cp.example.com {
@ -127,6 +152,16 @@ cp.example.com {
root * /usr/share/adminer root * /usr/share/adminer
php_fastcgi unix//run/php/php8.2-fpm.sock php_fastcgi unix//run/php/php8.2-fpm.sock
} }
header * {
Referrer-Policy "no-referrer"
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-XSS-Protection "1; mode=block"
Content-Security-Policy "default-src 'none'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; img-src https:; font-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'none'; form-action 'self'; worker-src 'none'; frame-src 'none';"
Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'self'; speaker 'none'; usb 'none'; vr 'none';"
Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=();
}
} }
``` ```