From 76393be0782ba05c2607abc659640e672c2328c6 Mon Sep 17 00:00:00 2001
From: "cl.nadeko.net" <root@cl.nadeko.net>
Date: Tue, 30 Jan 2024 05:09:31 +0000
Subject: [PATCH] headers and ssl

---
 nginx/configs/security.conf | 6 ++----
 nginx/configs/ssl.conf      | 5 +++--
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/nginx/configs/security.conf b/nginx/configs/security.conf
index 9a52c14..76dcb24 100644
--- a/nginx/configs/security.conf
+++ b/nginx/configs/security.conf
@@ -1,9 +1,7 @@
 # security headers
-add_header X-XSS-Protection          "1; mode=block" always;
 add_header X-Content-Type-Options    "nosniff" always;
-add_header Referrer-Policy           "no-referrer-when-downgrade" always;
-#add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
-add_header Permissions-Policy        "interest-cohort=()" always;
+add_header Referrer-Policy           "same-origin" always;
 add_header X-Frame-Options           "sameorigin" always;
+add_header Permissions-Policy        "interest-cohort=()" always;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
 
diff --git a/nginx/configs/ssl.conf b/nginx/configs/ssl.conf
index 60eff09..876192f 100644
--- a/nginx/configs/ssl.conf
+++ b/nginx/configs/ssl.conf
@@ -1,4 +1,5 @@
-ssl_certificate /etc/ssl/certs/fullchain.pem;
-ssl_certificate_key /etc/ssl/private/privkey.pem;
+# ECDSA
+ssl_certificate /etc/ssl/nadeko.net/fullchain.ec.crt;
+ssl_certificate_key /etc/ssl/nadeko.net/nadeko.net.ec.key;
 
 include configs/sslConfig.conf;