bert.hausmans/crewli-old
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
18fb035c238d9814a37d32f50b1c81f3853f2931
crewli-old/deploy
History

README.md

Crewli Deployment — Security Configuration

Nginx Security Headers

Copy the configuration snippets to your Nginx server:

API (api.crewli.app)

server {
    server_name api.crewli.app;

    include /path/to/deploy/nginx/security-headers.conf;
    include /path/to/deploy/nginx/csp-api.conf;

    # ... rest of config
}

Organizer App (crewli.app)

server {
    server_name crewli.app;

    include /path/to/deploy/nginx/security-headers.conf;
    include /path/to/deploy/nginx/csp-spa.conf;

    # ... rest of config
}

Portal (portal.crewli.app)

server {
    server_name portal.crewli.app;

    include /path/to/deploy/nginx/security-headers.conf;
    include /path/to/deploy/nginx/csp-portal.conf;

    # ... rest of config
}

CSP Rollout Process

  1. Start with Content-Security-Policy-Report-Only (uncomment in csp-spa.conf)
  2. Monitor browser console for CSP violations for 1-2 weeks
  3. Add any missing sources to the policy
  4. Switch to enforcing Content-Security-Policy
  5. Monitor for false positives after enforcement

DirectAdmin Integration

If using DirectAdmin with Nginx:

  1. Place the .conf files in /usr/local/directadmin/data/users/USERNAME/nginx.conf or use DirectAdmin's custom Nginx configuration feature
  2. Reload Nginx: service nginx reload
  3. Verify headers: curl -I https://crewli.app | grep -i security
Reference in New Issue View Git Blame Copy Permalink