add security.txt

2024-04-21 11:12:36 +02:00 · 2024-04-21 11:12:36 +02:00 · 999ad37b11
commit 999ad37b11
parent cd5d0b8232
2 changed files with 13 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -35,6 +35,12 @@ force_ssl: True
 # generate a self signed certificate as default ssl cert
 snakeoil_default: False

+# if set, nginx will render the content at /.well-known/security.txt
+# see https://www.rfc-editor.org/rfc/rfc9116 for valid fields
+security.txt: |
+  Contact: mailto:security@example.com
+  Expires: 2024-04-20T23:42:00.000Z
+
 # install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
 # either "False", "True" or a dict *phpconfig*, see below for definition
 php: False
--- a/templates/vhost.conf.j2
+++ b/templates/vhost.conf.j2
@ -113,6 +113,13 @@ server {
 	{% endif %}


+	{% if nginx.security_txt is defined %}
+	location /.well-known/security.txt {
+		add_header Content-Type text/plain;
+		return 200 "{{ nginx.security_txt | replace('\n', '\\n') }}";
+	}
+	{% endif %}
+
 	{% if vhost.auth.enable %}
 	auth_basic           "restricted area";
 	auth_basic_user_file {{ vhost.auth.path }};