• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Resolved How do I parameterize domain.tld in the nginx additional directives?

W

Walter

Basic Pleskian
What is the proper way to parameterize the domain name in nginx additional directives?

Code: 
add_header Content-Security-Policy "default-src 'none'; script-src 'self' https://www.google-analytics.com/; style-src 'self' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; base-uri domain.tld www.domain.tld; referrer no-referrer-when-downgrade";

I'd like to apply the CSP to multiple domains without having to customize each domain. I'd like to parameterize the domain.tld value in the code above ie something like $domain. Additionally how would I append www. to it such as: "www.$domain"?

Thank you so much for your time...
 
You can try to extract necessary lines with something like:

# for i in `mysql -uadmin -p\`cat /etc/psa/.psa.shadow\` psa -Ns -e "select name from domains"`; do echo 'add_header Content-Security-Policy "default-src 'none'; script-src 'self' https://www.google-analytics.com/; style-src 'self' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; base-uri' $i www.$i'; referrer no-referrer-when-downgrade";'; done

then use this output for some kind of script for updating corresponding vhost's nginx configs.
 
Thank you IgorG I think that could work. Just concerned about the overhead that would place having to evaluate? I think I found the formal nginx parameter to use.

In short, rather than using domain.tld and www.domain.tld I used...
Code: 
base-uri $host www.$host;

Here is a list of variables that nginx will recognize:
Alphabetical index of variables

Here is the code I chose to use for my generic CSP. Of course certain sites may need to have this altered...
Code: 
add_header Content-Security-Policy "default-src 'none'; script-src 'self' https://www.google-analytics.com/; style-src 'self' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; base-uri $host www.$host; referrer no-referrer-when-downgrade";

I validated this by running my URL through Analyse your HTTP response headers which validates my headers and returns the values. It properly converts $host to my domain.tld.
 
You must log in or register to reply here.

Similar threads

K
Forwarded to devs Error message for additional nginx directives are causing confusion when proxy mode is enabled
Replies
1
Views
2K
Sebahat.hadzhi
Sebahat.hadzhi
D
Question nginx cache "Cache requests with cookies" generates broken regex — all whitelisted cookies cause BYPASS
Replies
4
Views
265
dima
D
Y
Question Issue Implementing Dynamic CORS Headers in Plesk’s Additional NGINX Directives
Replies
1
Views
4K
yfain
Y
majdi draouil
Question How to Block Direct IP Access and Ensure All Traffic Routes Through Cloudflare
Replies
1
Views
5K
Raul A.
R
s-light
Question NINGX CORS for multiple sub.domains
Replies
1
Views
3K
s-light
s-light
Back
Top