All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Added the ability to enable HSTS in custom server fragment configurations. To enable it, add the `#hstsheader` annotation to the server definition.
- Added the HSTS header to the server definitions `catch-all-server.conf` and `from-to-www.conf`. If enabled, the header is automatically added in the following servers:
  - default.conf
  - subfolder.conf
  - catch-all-server.conf
  - from-to-www.conf
- Add support in the `redirects.map` file for using `$host$request_uri` as the key (left side) to manage multiple domains on the same nginx instance.
- Add the new `1.23.1-alpine` image.
- New `NGINX_HSTS_MAX_AGE`, `NGINX_HSTS_INCLUDE_SUBDOMAINS`, `NGINX_HSTS_PRELOAD` environment variables to control the `Strict-Transport-Security` header. By default the HSTS header is disabled.
- The `NGINX_HIDE_DRUPAL_HEADERS` environment variable to hide the Drupal information from the response headers is active by default.
- New Nginx `1.21.6` version available.
- New `NGINX_HIDE_DRUPAL_HEADERS` environment variable to hide the Drupal information from the response headers (default: the headers are visible)
- New `NGINX_HIDE_SENSITIVE_HEADERS` environment variable to hide all the sensitive information from the response headers (default: the headers will be removed)
- New `HIDE_GOOGLE_GCS_HEADERS` environment variable to hide the Google response headers coming from the Google object storage bucket (default: the headers are hidden)
- New `NGINX_XFRAME_OPTION_ENABLE` environment variable to enable the `X-Frame-Options` header, which indicates whether or not a browser should be allowed to render a page in a frame, iframe, embed or object (default: the header is enabled with the "SAMEORIGIN" value)
- New `NGINX_XFRAME_OPTION_VALUE` environment variable to assign a specific value to the `X-Frame-Options` header. Possible values: `SAMEORIGIN`, `DENY`. Default: `SAMEORIGIN`