README updates
This commit is contained in:
parent
e5aaeb499b
commit
d5cf37090c
19
README.md
19
README.md
|
@ -16,7 +16,7 @@ Self-learning project for terraform
|
||||||
|
|
||||||
1. Setup DigitalOcean
|
1. Setup DigitalOcean
|
||||||
2. Add DO infrastructure via ansible
|
2. Add DO infrastructure via ansible
|
||||||
3. Add traefik for proper proxying
|
3. ~Add traefik for proper proxying~
|
||||||
|
|
||||||
# Security Headers note
|
# Security Headers note
|
||||||
|
|
||||||
|
@ -26,11 +26,20 @@ The following security headers are applied using traefik on all traefik frontend
|
||||||
- Redirect HTTP->HTTPS
|
- Redirect HTTP->HTTPS
|
||||||
- contentTypeNosniff: true
|
- contentTypeNosniff: true
|
||||||
- browserXSSFilter: true
|
- browserXSSFilter: true
|
||||||
- XFO: Allow-From muximux
|
- XFO: Allow-From muximux (TODO)
|
||||||
- referrerPolicy: no-referrer
|
- referrerPolicy: no-referrer (TODO)
|
||||||
- X-Powered-By: Allomancy
|
- X-Powered-By: Allomancy
|
||||||
- X-Server: BlackBox
|
- X-Server: BlackBox
|
||||||
- X-Clacks-Overhead "GNU Terry Pratchett"
|
- X-Clacks-Overhead "GNU Terry Pratchett" (TODO)
|
||||||
|
|
||||||
|
Currently waiting on traefik 1.5.0-rc2 to fix security specific headers issue (marked as TODO above).
|
||||||
|
|
||||||
Currently waiting on traefik 1.5.0-rc2 to fix security specific headers issue.
|
## Upstream
|
||||||
|
|
||||||
|
Issues I've faced/reported as a result of this project:
|
||||||
|
|
||||||
|
1. Airsonic HTTPS proxying is broken. Reported: https://github.com/airsonic/airsonic/issues/641
|
||||||
|
2. Traefik docker backend security headers were broken with dashes. Reported at https://github.com/containous/traefik/issues/2493, and fixed by https://github.com/containous/traefik/pull/2496
|
||||||
|
3. Headphones dies repeatedly with no error logs. Yet-to-report.
|
||||||
|
4. Terraform doesn't parse mariadb version numbers. Report: https://github.com/terraform-providers/terraform-provider-mysql/issues/6. Got this fixed myself by filing a PR: https://github.com/hashicorp/go-version/pull/34
|
||||||
|
5. elibsrv didn't support ebook-convert, only mobigen. PR is at https://github.com/captn3m0/elibsrv/pull/1. I've to get this merged upstream for the next release.
|
||||||
|
|
Loading…
Reference in New Issue