🚧🔒 cis nginx hardening

scality · Jul 18, 2024 · 26221df · 26221df
1 parent 994b546
commit 26221df
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/charts/ingress-nginx.yaml b/charts/ingress-nginx.yaml
@@ -43,3 +43,24 @@ controller:
 
 defaultBackend:
   enabled: false
+  extraConfigMaps:
+    - name: cis
+      labels:
+        type: hardening
+      data:
+        keep-alive: '10'
+        hide-headers: 'Server,X-Powered-By'
+        ssl-protocols: 'TLSv1.3'
+        ssl-ciphers: 'ALL:!EXP:!NULL:!ADH:!LOW:!SSLv2:!SSLv3:!MD5:!RC4'
+        enable-ocsp: 'true'
+        client-header-timeout: '10'
+        client-body-timeout: '10'
+    - name: custom-404.html
+      labels:
+        type: custom-404
+      data:
+        custom-404.html: |
+          <html>
+          <head><title>Page Not Found</title></head>
+          <body><h1>404 - Page Not Found</h1></body>
+          </html>