Pin image digests and disable TRACE method in nginx
- nginx and mysql images pinned to SHA256 digests - nginx: return 405 on TRACE requests Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
+2
-2
@@ -1,6 +1,6 @@
|
||||
services:
|
||||
nginx:
|
||||
image: nginx:alpine
|
||||
image: nginx:alpine@sha256:4001b8091adb507866f42c251759b40290995629415d46684a32d3ede850c976
|
||||
ports:
|
||||
- "8057:80"
|
||||
volumes:
|
||||
@@ -37,7 +37,7 @@ services:
|
||||
start_period: 30s
|
||||
|
||||
db:
|
||||
image: mysql:8
|
||||
image: mysql:8@sha256:c36050afdca850f23cef85703f84c7531a5ae155a11b5ee1c60acb09937c4084
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}
|
||||
- MYSQL_DATABASE=${MYSQL_DATABASE}
|
||||
|
||||
@@ -17,6 +17,10 @@ server {
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self';" always;
|
||||
|
||||
if ($request_method = TRACE) {
|
||||
return 405;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.html;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user