	Merge pull request #1005 from sakkiii/master
Improve security for grafana
		| @@ -31,6 +31,12 @@ matrix_grafana_anonymous_access_org_name: 'Main Org.' | |||||||
| matrix_grafana_default_admin_user: admin | matrix_grafana_default_admin_user: admin | ||||||
| matrix_grafana_default_admin_password: admin | matrix_grafana_default_admin_password: admin | ||||||
|  |  | ||||||
|  | # Set to true to add the Content-Security-Policy header to your requests. | ||||||
|  | # CSP allows to control resources that the user agent can load and helps  | ||||||
|  | # prevent XSS attacks. | ||||||
|  | # [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy) | ||||||
|  | matrix_grafana_content_security_policy: true | ||||||
|  |  | ||||||
| # A list of extra arguments to pass to the container | # A list of extra arguments to pass to the container | ||||||
| matrix_grafana_container_extra_arguments: [] | matrix_grafana_container_extra_arguments: [] | ||||||
|  |  | ||||||
|   | |||||||
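Review bot: The comment on `matrix_grafana_content_security_policy` says the header is added "to your requests", but Content-Security-Policy is a response header that Grafana sends to the browser; the same wording recurs in the comment above `content_security_policy` in the grafana.ini hunk. I would write `# Set to true to make Grafana send the Content-Security-Policy header in its responses.` followed by `# CSP restricts which resources the user agent may load and helps mitigate XSS.` Because the default is `true`, the comment should also say that dashboards or plugins loading external resources may require setting it to false. Outside the changed lines, the context still shows `matrix_grafana_default_admin_password: admin`, which a security-hardening change might reasonably flag in the docs as a value to override before first start.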
| @@ -5,6 +5,9 @@ admin_user = "{{ matrix_grafana_default_admin_user }}" | |||||||
| # default admin password, can be changed before first start of grafana, or in profile settings | # default admin password, can be changed before first start of grafana, or in profile settings | ||||||
| admin_password = """{{ matrix_grafana_default_admin_password }}""" | admin_password = """{{ matrix_grafana_default_admin_password }}""" | ||||||
|  |  | ||||||
|  | # specify content_security_policy to add the Content-Security-Policy header to your requests | ||||||
|  | content_security_policy = "{{ matrix_grafana_content_security_policy }}" | ||||||
|  |  | ||||||
| [auth.anonymous] | [auth.anonymous] | ||||||
| # enable anonymous access | # enable anonymous access | ||||||
| enabled = {{ matrix_grafana_anonymous_access }} | enabled = {{ matrix_grafana_anonymous_access }} | ||||||
|   | |||||||
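Review bot: `content_security_policy = "{{ matrix_grafana_content_security_policy }}"` renders the YAML boolean as the quoted string `"True"`, whereas the `enabled = {{ matrix_grafana_anonymous_access }}` line just below emits its boolean unquoted. Grafana probably still parses the value, but `content_security_policy = {{ matrix_grafana_content_security_policy | to_json }}` yields an unambiguous lowercase `true`/`false` and matches the neighbouring style. The template also leaves `content_security_policy_template` at Grafana's built-in value, so an operator whose setup conflicts with the default policy can only switch CSP off entirely; exposing that setting through a variable would let them adjust the policy instead of dropping it.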
| @@ -3,9 +3,13 @@ | |||||||
| {% macro render_vhost_directives() %} | {% macro render_vhost_directives() %} | ||||||
| 	gzip on; | 	gzip on; | ||||||
| 	gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; | 	gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif; | ||||||
| 	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; | 	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; | ||||||
| 	add_header X-Content-Type-Options nosniff; | 	# duplicate X-Content-Type-Options & X-Frame-Options header | ||||||
| 	add_header X-Frame-Options SAMEORIGIN; | 	# Enabled by grafana by default | ||||||
|  | 	# add_header X-Content-Type-Options nosniff; | ||||||
|  | 	# add_header X-Frame-Options SAMEORIGIN; | ||||||
|  | 	add_header Referrer-Policy "strict-origin-when-cross-origin"; | ||||||
|  | 	proxy_cookie_path / "/; HTTPOnly; Secure"; | ||||||
| 	{% for configuration_block in matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks %} | 	{% for configuration_block in matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks %} | ||||||
| 		{{- configuration_block }} | 		{{- configuration_block }} | ||||||
| 	{% endfor %} | 	{% endfor %} | ||||||
|   | |||||||
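Review bot: The `preload` token on the Strict-Transport-Security line should be opt-in rather than a template default, because together with `includeSubDomains` it declares consent to have the host and all its subdomains hard-coded as HTTPS-only in browser preload lists, which is slow to reverse; I would keep `"max-age=31536000; includeSubDomains"` and add `preload` only behind a new variable. The new Referrer-Policy line lacks `always`, so nginx omits it on error responses; `add_header Referrer-Policy "strict-origin-when-cross-origin" always;` would match the HSTS line. Commenting out X-Content-Type-Options and X-Frame-Options avoids duplicates on proxied responses, but responses nginx generates itself (for example a 502 while Grafana is down) presumably no longer carry them. `proxy_cookie_path / "/; HTTPOnly; Secure";` rewrites the path attribute to smuggle in flags and may duplicate ones Grafana already sets; setting `cookie_secure = true` in the `[security]` section of grafana.ini expresses the same intent at the source. The macro body continues past the end of this hunk.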