blackicedbear/Web-Architekturen-Projekt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added HTTPS and security headers

Browse Source
This commit is contained in:
Michael
2026-05-27 14:54:36 +02:00
parent 1b9be90d29
commit 13a89dd8ed
4 changed files with 53 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitignore
+1
View File
@@ -3,3 +3,4 @@ dist/
__pycache__/
*.pyc
.env
ssl/*.pem
docker-compose.yml
+3
View File
@@ -26,8 +26,11 @@ services:
image: nginx:alpine
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
- ./ssl/cert.pem:/etc/nginx/ssl/cert.pem:ro
- ./ssl/key.pem:/etc/nginx/ssl/key.pem:ro
depends_on:
- backend
- frontend
nginx/nginx.conf
+28 -1
View File
@@ -1,20 +1,47 @@
server {
listen 80;
server_name _;
server_name static.155.116.167.89.clients.your-server.de;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name static.155.116.167.89.clients.your-server.de;
server_tokens off;
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
client_max_body_size 100k;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
add_header X-Frame-Options "DENY" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "geolocation=(), camera=(), microphone=()" always;
location /api/ {
proxy_pass http://backend:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_hide_header Server;
proxy_hide_header X-Powered-By;
}
location / {
proxy_pass http://frontend:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_hide_header Server;
}
}
ssl/README.md
+21
View File
@@ -0,0 +1,21 @@
# SSL Zertifikat
Hier die Zertifikatsdateien ablegen:
- `cert.pem` - Öffentliches Zertifikat (inkl. Chain)
- `key.pem` - Privater Schlüssel
## Zertifikat mit OpenSSL erstellen (Self-Signed, für Tests)
```bash
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout key.pem -out cert.pem \
-subj "/CN=static.155.116.167.89.clients.your-server.de"
```
## Let's Encrypt Zertifikat kopieren
```bash
cp /etc/letsencrypt/live/static.155.116.167.89.clients.your-server.de/fullchain.pem ssl/cert.pem
cp /etc/letsencrypt/live/static.155.116.167.89.clients.your-server.de/privkey.pem ssl/key.pem
```