
Hardening server

master
Miguel Gagliardo 5 months ago
parent
commit
63009e5e54
2 changed files with 11 additions and 2 deletions
  1. 5
    2
      docker-compose.yaml
  2. 6
    0
      install.sh

+ 5
- 2
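--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -14,6 +14,7 @@
     networks:
       matrix_server:
         ipv4_address: 10.10.10.4
+      matrix_db:
     ports:
       - 8008:8008
 
@@ -27,8 +28,7 @@
     volumes:
       - ./db:/var/lib/postgresql/data
     networks:
-      matrix_server:
-        ipv4_address: 10.10.10.2
+      matrix_db:
   
   element:
     image: vectorim/element-web:latest
@@ -70,6 +70,7 @@
     networks:
       matrix_server:
         ipv4_address: 10.10.10.7
+      matrix_db:
     depends_on:
       - synapse
 
@@ -102,3 +103,5 @@
 networks:
   matrix_server:
     external: true
+  matrix_db:
+    external: false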
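Review bot: The `matrix_db` network declared at new lines 106–107 with `external: false` is created and owned by Compose as a plain project-scoped bridge, so the `--internal matrix_db` network that install.sh pre-creates is never attached and the database container keeps an ordinary route out; the isolation this commit sets up on the install side does not reach the containers. Either declare it `external: true` so Compose attaches to the internal network install.sh creates, or drop that `docker network create` line and declare it here as `matrix_db:` followed by `internal: true`. Separately, the service whose networks block is at new lines 70–73 (its name is outside the hunk; it has `depends_on: - synapse`) is also joined to `matrix_db`, which widens what can reach postgres — only services that actually open a database connection should be on that network. Since the fixed address 10.10.10.2 is removed at old line 31 and the database now lives only on `matrix_db`, anything outside this diff that referenced the database by that address (presumably the homeserver database config) must now use the service name.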

+ 6
- 0
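--- a/install.sh
+++ b/install.sh
@@ -85,6 +85,7 @@
 echo -e "Create docker network\n"
 
 docker network create --driver=bridge --subnet=10.10.10.0/24 --gateway=10.10.10.1 matrix_server
+docker network create --driver=bridge --subnet=10.100.0.0/24 --gateway=10.100.0.1 --internal matrix_db
 
 # Randomly pick a DB password
 PG_PASS=$(pwgen -s 28 -1)
@@ -147,6 +148,11 @@
     listen 80;
     server_name ${DOMAIN};
 
+    # Hardening
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+    add_header Content-Security-Policy "default-src 'self' ${DOMAIN} http: https: data: blob: 'unsafe-inline' 'unsafe-eval'" always;
+    add_header X-Frame-Options "SAMEORIGIN";
+
     location /.well-known/matrix/client {
         default_type application/json;
         add_header Access-Control-Allow-Origin *;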
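Review bot: The three hardening headers added at new lines 151–154 are not sent for `/.well-known/matrix/client`, because nginx inherits `add_header` from the enclosing level only when the current level defines none of its own, and that location (new line 158) already sets `add_header Access-Control-Allow-Origin *;`; the same silent drop applies to any other location with its own `add_header`, and this server block continues outside the hunk. Repeat the three `add_header` lines inside that location, or move them into a file that every location includes, so the hardening survives. The Content-Security-Policy value `default-src 'self' ${DOMAIN} http: https: data: blob: 'unsafe-inline' 'unsafe-eval'` allows scripts from any http or https origin, inline and via eval, so it does not actually constrain script execution (and `'self'` already covers `${DOMAIN}`); a tighter policy would drop `http:`, `https:` and `'unsafe-eval'` and be tested against the web client. The Strict-Transport-Security line is emitted from a `listen 80;` block and browsers ignore HSTS received over plain HTTP, so it only takes effect if a TLS server block outside this hunk sends it too; it also lacks `always` while the CSP line has it, so it is omitted on non-2xx/3xx responses.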
