nginx-rp: Update headers

nginx-rp/nginx.conf

@@ -23,7 +23,7 @@ http {
 	default_type application/octet-stream;
 
 	# Logging
-	log_not_found on;
+	# log_not_found on;
 	# access_log /var/log/nginx/access.log;
 	# error_log /var/log/nginx/error.log warn;
 
@@ -68,10 +68,6 @@ http {
 	proxy_set_header X-Forwarded-Scheme $scheme;
 	proxy_set_header Accept-Encoding "";
 
-	# Websocket
-	proxy_http_version 1.1;
-	proxy_set_header Upgrade $http_upgrade;
-	proxy_set_header Connection $connection_upgrade;
 
 	# The `upstream` directives ensure that you have a http/1.1 connection
 	# This enables the keepalive option and better performance
@@ -135,6 +131,11 @@ http {
 
 			add_header Set-Cookie "Path=/; HttpOnly; Secure";
 	
+			# Websocket
+			proxy_http_version 1.1;
+			proxy_set_header Upgrade $http_upgrade;
+			proxy_set_header Connection $connection_upgrade;
+
 			client_body_buffer_size 512k;
 			proxy_read_timeout 86400s;
 			client_max_body_size 0;
@@ -152,6 +153,11 @@ http {
 		location / {
 			proxy_pass http://vaultwarden-default;
 			
+			# Websocket
+			proxy_http_version 1.1;
+			proxy_set_header Upgrade $http_upgrade;
+			proxy_set_header Connection $connection_upgrade;
+
 	    	client_max_body_size 525M;
 		}
 	}
@@ -166,6 +172,11 @@ http {
 
 		location / {
 			proxy_pass http://127.0.0.1:8083;
+ 
+			add_header Strict-Transport-Security "max-age=31536000" always;
+			add_header Set-Cookie "Path=/; HttpOnly; Secure";
+			# Disable some features
+        	add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
 		}
 	}