lost/rskio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

enhance security via nginx static hosting

Browse Source
This commit is contained in:
rskntroot
2024-06-10 02:29:11 +00:00
parent 7a8c9046dc
commit 13d9c32282
6 changed files with 52 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -1,4 +1,4 @@
docs/build mkdocs/site
traefik/log/*.log traefik/log/*.log
traefik/log/*.gz traefik/log/*.gz
traefik/tls/*.json traefik/tls/*.json

19
compose.yml
View File

@@ -1,4 +1,11 @@
services: services:
mkdocs:
image: squidfunk/mkdocs-material
command:
- build
volumes:
- ./mkdocs:/docs
traefik: traefik:
image: traefik:latest image: traefik:latest
command: command:
@@ -13,8 +20,8 @@ services:
- ./traefik/log:/var/log/traefik - ./traefik/log:/var/log/traefik
- ./traefik/tls:/letsencrypt - ./traefik/tls:/letsencrypt
mkdocs: nginx:
image: squidfunk/mkdocs-material image: nginx:latest
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.rskio.entrypoints=websecure - traefik.http.routers.rskio.entrypoints=websecure
@@ -22,7 +29,11 @@ services:
- traefik.http.routers.rskio.tls=true - traefik.http.routers.rskio.tls=true
- traefik.http.routers.rskio.tls.certresolver=rskio_certresolver - traefik.http.routers.rskio.tls.certresolver=rskio_certresolver
- traefik.http.routers.rskio.service=rskio@docker - traefik.http.routers.rskio.service=rskio@docker
- traefik.http.services.rskio.loadbalancer.server.port=8000 - traefik.http.services.rskio.loadbalancer.server.port=80
volumes: volumes:
- ./mkdocs:/docs - ./mkdocs/site:/opt/share/mkdocs/html:ro
- ./nginx/etc/conf.d:/etc/nginx/conf.d:ro
depends_on:
mkdocs:
condition: service_completed_successfully

4
mkdocs/docs/index.md
View File

@@ -2,14 +2,14 @@
## Rskio ## Rskio
This site (a project of mine in and of itself) is meant to catalog my efforts. Through the years, I have "spun my wheels" in order to learn, get something working, or even try something interesting--only for it to be lost to time. You could boil this site down to my notes. However, I fully intend for it to be much more than that. This site exists for me and the possibilty that it might help you too. This site is meant to catalog my efforts. Through the years, I have "spun my wheels" in order to learn, get something working, or even try something interesting--only for it to be lost to time. You could boil this site down to my notes. However, I fully intend for it to be much more than that. This site exists for me and the possibilty something I did might help you too.
## About ## About
Its been what, now? Around 10 years since I started working in computing proffessionally (right after dropping out of a Computer Science program, oops). Oh and about 14 since I'd learned my first programming language. What?! I'm in my thirties?! Guess I can't go saying I'm just some random kid on the internet anymore. Its been what, now? Around 10 years since I started working in computing proffessionally (right after dropping out of a Computer Science program, oops). Oh and about 14 since I'd learned my first programming language. What?! I'm in my thirties?! Guess I can't go saying I'm just some random kid on the internet anymore.
Just like everyone else my age, I got into computing because my family didn't know how to get the wifi working when we finally got broadband internet. Somehow that got me into robotics and programming in middle school and it snowballed from there. After a multi-year stint with the challenges of the cyber security field, I found peace by letting other people deal with it. These days I'm a full-time computer engineer that designs and deploys network infrastructure for a Tier-1 cloud provider. In my spare time, I work on projects, or dream of a financial freedom and getting able to work on whatever projects I want full-time, or both. Just like everyone else my age, I got into computing because my family didn't know how to get the wifi working when we finally got broadband internet. Somehow that got me into robotics and programming in middle school and it snowballed from there. After a multi-year stint with the challenges of the cyber security field, I found peace letting other people deal with it. These days I'm a full-time computer engineer that designs and deploys network infrastructure for a Tier-1 cloud provider. In my spare time, I work on projects or dream of financial freedom that would allow me to work on whatever projects I want full-time.
## What does Rskio Mean? ## What does Rskio Mean?

34
nginx/etc/conf.d/default.conf Normal file
View File

@@ -0,0 +1,34 @@
server {
listen 80;
listen [::]:80;
server_name rskio.com;
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header X-XSS-Protection "1; mode=block";
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# rskio logging is handled via traefik
#access_log /var/log/nginx/host.access.log main;
location / {
root /opt/share/mkdocs/html;
index index.html index.htm;
limit_except GET HEAD POST { deny all; }
}
# rskio auth is handled via traefik
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
limit_except GET HEAD POST { deny all; }
}
}

0
traefik/log/required.md → traefik/log/.required.md
View File

0
traefik/tls/required.md → traefik/tls/.required.md
View File