##// END OF EJS Templates
pull-requests: increase stability of concurrent pull requests creation by flushing prematurly the statuses of commits....
pull-requests: increase stability of concurrent pull requests creation by flushing prematurly the statuses of commits. This is required to increase the versions on each concurrent call. Otherwise we could get into an integrity errors of commitsha+version+repo

File last commit:

r1:854a839a default
r3408:2a133f7e stable
Show More
sec-x-frame.rst
56 lines | 1.8 KiB | text/x-rst | RstLexer

Securing HTTPS Connections

  • To secure your |RCE| instance against Cross Frame Scripting exploits, you should configure your webserver x-frame-options setting.
  • To configure your instance for HTTP Strict Transport Security, you need to configure the Strict-Transport-Security setting.

Nginx

In your nginx configuration, add the following lines in the correct files. For more detailed information see the :ref:`nginx-ws-ref` section.

# Add this line to the nginx.conf file
add_header X-Frame-Options SAMEORIGIN;

# This line needs to be added inside your virtual hosts block/file
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";

Apache

In your :file:`apache2.conf` file, add the following line. For more detailed information see the :ref:`apache-ws-ref` section.

# Add this to your virtual hosts file
Header always append X-Frame-Options SAMEORIGIN

# Add this line in your virtual hosts file
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

|RCE| Configuration

|RCE| can also be configured to force strict https connections and Strict Transport Security. To set this, configure the following options to true in the :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.

## force https in RhodeCode, fixes https redirects, assumes it's always https
force_https = false

## use Strict-Transport-Security headers
use_htsts = false