mirror of
https://github.com/spantaleev/matrix-docker-ansible-deploy.git
synced 2025-10-24 17:13:23 +00:00
Merge pull request #1005 from sakkiii/master
Improve security for grafana
This commit is contained in:
@@ -31,6 +31,12 @@ matrix_grafana_anonymous_access_org_name: 'Main Org.'
|
|||||||
matrix_grafana_default_admin_user: admin
|
matrix_grafana_default_admin_user: admin
|
||||||
matrix_grafana_default_admin_password: admin
|
matrix_grafana_default_admin_password: admin
|
||||||
|
|
||||||
|
# Set to true to add the Content-Security-Policy header to your requests.
|
||||||
|
# CSP allows to control resources that the user agent can load and helps
|
||||||
|
# prevent XSS attacks.
|
||||||
|
# [Content Security Policy](https://grafana.com/docs/grafana/latest/administration/configuration/#content_security_policy)
|
||||||
|
matrix_grafana_content_security_policy: true
|
||||||
|
|
||||||
# A list of extra arguments to pass to the container
|
# A list of extra arguments to pass to the container
|
||||||
matrix_grafana_container_extra_arguments: []
|
matrix_grafana_container_extra_arguments: []
|
||||||
|
|
||||||
|
@@ -5,6 +5,9 @@ admin_user = "{{ matrix_grafana_default_admin_user }}"
|
|||||||
# default admin password, can be changed before first start of grafana, or in profile settings
|
# default admin password, can be changed before first start of grafana, or in profile settings
|
||||||
admin_password = """{{ matrix_grafana_default_admin_password }}"""
|
admin_password = """{{ matrix_grafana_default_admin_password }}"""
|
||||||
|
|
||||||
|
# specify content_security_policy to add the Content-Security-Policy header to your requests
|
||||||
|
content_security_policy = "{{ matrix_grafana_content_security_policy }}"
|
||||||
|
|
||||||
[auth.anonymous]
|
[auth.anonymous]
|
||||||
# enable anonymous access
|
# enable anonymous access
|
||||||
enabled = {{ matrix_grafana_anonymous_access }}
|
enabled = {{ matrix_grafana_anonymous_access }}
|
||||||
|
@@ -3,9 +3,13 @@
|
|||||||
{% macro render_vhost_directives() %}
|
{% macro render_vhost_directives() %}
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
add_header X-Content-Type-Options nosniff;
|
# duplicate X-Content-Type-Options & X-Frame-Options header
|
||||||
add_header X-Frame-Options SAMEORIGIN;
|
# Enabled by grafana by default
|
||||||
|
# add_header X-Content-Type-Options nosniff;
|
||||||
|
# add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||||
|
proxy_cookie_path / "/; HTTPOnly; Secure";
|
||||||
{% for configuration_block in matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks %}
|
{% for configuration_block in matrix_nginx_proxy_proxy_grafana_additional_server_configuration_blocks %}
|
||||||
{{- configuration_block }}
|
{{- configuration_block }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
Reference in New Issue
Block a user