Synology DS620slim  

Améliorer la sécurité de nginx dans WebStation

Testé sur le DSM 6.2.2-24922 Update 4

VirtualHost-nginx.mustache

server {
	{{#port.http}}
	listen      {{.}}{{^fqdn}} default_server{{/fqdn}};
listen      [::]:{{.}}{{^fqdn}} default_server{{/fqdn}};
{{/port.http}}
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options nosniff;
add_header Cache-Control no-cache;
add_header X-Xss-Protection "1; mode=block" always;
{{#port.https}}
listen      {{.}} ssl{{#https.http2}} http2{{/https.http2}}{{^fqdn}} default_server{{/fqdn}};
listen      [::]:{{.}} ssl{{#https.http2}} http2{{/https.http2}}{{^fqdn}} default_server{{/fqdn}};
{{/port.https}}

https://observatory.mozilla.org/analyze/ds620slim.synology.me

· NGINX, WebStation