mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-02 01:27:27 -04:00
map server tweaking
This commit is contained in:
t3chn0m4g3
33
docker/nginx/dist/conf/tpotweb.conf
vendored
33
docker/nginx/dist/conf/tpotweb.conf
vendored
@ -27,7 +27,7 @@ server {
|
||||
##############################################
|
||||
ssl_certificate /etc/nginx/cert/nginx.crt;
|
||||
ssl_certificate_key /etc/nginx/cert/nginx.key;
|
||||
|
||||
|
||||
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!DHE:!SHA:!SHA256';
|
||||
ssl_ecdh_curve secp384r1;
|
||||
ssl_dhparam /etc/nginx/ssl/dhparam4096.pem;
|
||||
@ -40,8 +40,8 @@ server {
|
||||
### OWASP recommendations / settings
|
||||
####################################
|
||||
|
||||
### Size Limits & Buffer Overflows
|
||||
### the size may be configured based on the needs.
|
||||
### Size Limits & Buffer Overflows
|
||||
### the size may be configured based on the needs.
|
||||
client_body_buffer_size 128k;
|
||||
client_header_buffer_size 1k;
|
||||
client_max_body_size 2M;
|
||||
@ -65,7 +65,7 @@ server {
|
||||
|
||||
### This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
|
||||
|
||||
# add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
|
||||
|
||||
##################################
|
||||
### Restrict access and basic auth
|
||||
@ -118,19 +118,28 @@ server {
|
||||
rewrite /kibana/(.*)$ /$1 break;
|
||||
}
|
||||
|
||||
### ES
|
||||
### ES
|
||||
location /es/ {
|
||||
proxy_pass http://127.0.0.1:64298/;
|
||||
rewrite /es/(.*)$ /$1 break;
|
||||
}
|
||||
|
||||
### Map
|
||||
location /map/ {
|
||||
proxy_pass http://127.0.0.1:64299/;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
# location /map/ {
|
||||
# proxy_pass http://127.0.0.1:64299/;
|
||||
# rewrite /map/(.*)$ /$1 break;
|
||||
# proxy_http_version 1.1;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_set_header Host $host;
|
||||
# }
|
||||
# location /websocket {
|
||||
# proxy_pass http://127.0.0.1:64299;
|
||||
# proxy_http_version 1.1;
|
||||
# proxy_set_header Upgrade $http_upgrade;
|
||||
# proxy_set_header Connection "Upgrade";
|
||||
# proxy_set_header Host $host;
|
||||
# }
|
||||
|
||||
### spiderfoot
|
||||
location /spiderfoot {
|
||||
@ -144,7 +153,7 @@ server {
|
||||
location /scanviz {
|
||||
proxy_pass http://127.0.0.1:64303/spiderfoot/scanviz;
|
||||
}
|
||||
|
||||
|
||||
location /scandelete {
|
||||
proxy_pass http://127.0.0.1:64303/spiderfoot/scandelete;
|
||||
}
|
||||
|
||||
BIN
docker/nginx/dist/html/esvue/esvue.tgz
vendored
BIN
docker/nginx/dist/html/esvue/esvue.tgz
vendored
Binary file not shown.
Reference in New Issue
Block a user