From 28164f56478eaaba59ff6e21ab7510f8802961e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Wed, 8 Apr 2026 07:22:08 +0200
Subject: [PATCH] secure nginx

---
 reverse-proxy/nginx.conf.template | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/reverse-proxy/nginx.conf.template b/reverse-proxy/nginx.conf.template
index 2bf2a09..bfc54c5 100644
--- a/reverse-proxy/nginx.conf.template
+++ b/reverse-proxy/nginx.conf.template
@@ -5,14 +5,9 @@ map $uri $static_file {
 
 server {
   listen 80 default_server;
-  server_name ${SERVER_NAME};
   server_tokens off;
   etag off;
   
-  gzip on;
-  gzip_types text/plain text/css application/json application/javascript text/xml;
-  gzip_min_length 1024;
-
   client_max_body_size 100M;
 
   proxy_http_version 1.1;
@@ -44,6 +39,10 @@ server {
   location / {
     proxy_pass http://web:80/;
 
+    add_header X-Frame-Options SAMEORIGIN;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+
     if ($static_file) {
       add_header Cache-Control "public, max-age=31536000, immutable" always;
     }