From efc9f117f99c81e8155019da7a4d1c01d2f37ad0 Mon Sep 17 00:00:00 2001
From: Viyurz <128215328+Viyurz@users.noreply.github.com>
Date: Thu, 23 Nov 2023 07:58:51 +0000
Subject: [PATCH] nginx-rp: Update headers

---
 nginx-rp/nginx.conf | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/nginx-rp/nginx.conf b/nginx-rp/nginx.conf
index fe73d82..a7729a8 100644
--- a/nginx-rp/nginx.conf
+++ b/nginx-rp/nginx.conf
@@ -23,7 +23,7 @@ http {
 	default_type application/octet-stream;
 
 	# Logging
-	log_not_found on;
+	# log_not_found on;
 	# access_log /var/log/nginx/access.log;
 	# error_log /var/log/nginx/error.log warn;
 
@@ -68,10 +68,6 @@ http {
 	proxy_set_header X-Forwarded-Scheme $scheme;
 	proxy_set_header Accept-Encoding "";
 
-	# Websocket
-	proxy_http_version 1.1;
-	proxy_set_header Upgrade $http_upgrade;
-	proxy_set_header Connection $connection_upgrade;
 
 	# The `upstream` directives ensure that you have a http/1.1 connection
 	# This enables the keepalive option and better performance
@@ -134,6 +130,11 @@ http {
 			proxy_pass http://127.0.0.1:11000;
 
 			add_header Set-Cookie "Path=/; HttpOnly; Secure";
+	
+			# Websocket
+			proxy_http_version 1.1;
+			proxy_set_header Upgrade $http_upgrade;
+			proxy_set_header Connection $connection_upgrade;
 
 			client_body_buffer_size 512k;
 			proxy_read_timeout 86400s;
@@ -151,6 +152,11 @@ http {
 
 		location / {
 			proxy_pass http://vaultwarden-default;
+			
+			# Websocket
+			proxy_http_version 1.1;
+			proxy_set_header Upgrade $http_upgrade;
+			proxy_set_header Connection $connection_upgrade;
 
 	    	client_max_body_size 525M;
 		}
@@ -166,6 +172,11 @@ http {
 
 		location / {
 			proxy_pass http://127.0.0.1:8083;
+ 
+			add_header Strict-Transport-Security "max-age=31536000" always;
+			add_header Set-Cookie "Path=/; HttpOnly; Secure";
+			# Disable some features
+        	add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
 		}
 	}