From d39c70098af7ba2c75a52d4fb1ce276d5a432ac7 Mon Sep 17 00:00:00 2001
From: Charles Reid <charlesreid1@gmail.com>
Date: Thu, 25 Jun 2020 18:22:01 -0700
Subject: [PATCH] add security config file includes inside server blocks

---
 conf.d_templates/https.DOMAIN.conf.j2 | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/conf.d_templates/https.DOMAIN.conf.j2 b/conf.d_templates/https.DOMAIN.conf.j2
index 0481904..c5a0924 100644
--- a/conf.d_templates/https.DOMAIN.conf.j2
+++ b/conf.d_templates/https.DOMAIN.conf.j2
@@ -20,8 +20,8 @@ server {
     ssl_certificate /etc/letsencrypt/live/{{ server_name_default }}/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/{{ server_name_default }}/privkey.pem;
     include /etc/letsencrypt/options-ssl-nginx.conf;
-
-    client_max_body_size 100m;
+    include /etc/nginx/conf.d/secheaders.conf;
+    include /etc/nginx/conf.d/csp.conf;
 
     location / {
         try_files $uri $uri/ =404;
@@ -60,8 +60,8 @@ server {
     ssl_certificate /etc/letsencrypt/live/www.{{ server_name_default }}/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/www.{{ server_name_default }}/privkey.pem;
     include /etc/letsencrypt/options-ssl-nginx.conf;
-
-    client_max_body_size 100m;
+    include /etc/nginx/conf.d/secheaders.conf;
+    include /etc/nginx/conf.d/csp.conf;
 
     root /www/{{ server_name_default }}/htdocs;
 
@@ -99,8 +99,8 @@ server {
     ssl_certificate /etc/letsencrypt/live/git.{{ server_name_default }}/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/git.{{ server_name_default }}/privkey.pem;
     include /etc/letsencrypt/options-ssl-nginx.conf;
-
-    client_max_body_size 100m;
+    include /etc/nginx/conf.d/secheaders.conf;
+    include /etc/nginx/conf.d/giteacsp.conf;
 
     location / {
         proxy_set_header X-Real-IP  $remote_addr;