
Resolved How do I parameterize domain.tld in the nginx additional directives?

Walter

Basic Pleskian
What is the proper way to parameterize the domain name in nginx additional directives?

Code:
add_header Content-Security-Policy "default-src 'none'; script-src 'self' https://www.google-analytics.com/; style-src 'self' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; base-uri domain.tld www.domain.tld; referrer no-referrer-when-downgrade";

I'd like to apply the CSP to multiple domains without having to customize each domain. I'd like to parameterize the domain.tld value in the code above, i.e. something like $domain. Additionally, how would I append www. to it, such as: "www.$domain"?

Thank you so much for your time...
 
You can try to extract necessary lines with something like:

# for i in $(mysql -uadmin -p"$(cat /etc/psa/.psa.shadow)" psa -Ns -e "select name from domains"); do echo "add_header Content-Security-Policy \"default-src 'none'; script-src 'self' https://www.google-analytics.com/; style-src 'self' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; base-uri $i www.$i; referrer no-referrer-when-downgrade\";"; done

then use this output for some kind of script for updating corresponding vhost's nginx configs.
 
Thank you, IgorG, I think that could work. Just concerned about the overhead that would place having to evaluate? I think I found the formal nginx parameter to use.

In short, rather than using domain.tld and www.domain.tld I used...
Code:
base-uri $host www.$host;

Here is a list of variables that nginx will recognize:
Alphabetical index of variables

Here is the code I chose to use for my generic CSP. Of course certain sites may need to have this altered...
Code:
add_header Content-Security-Policy "default-src 'none'; script-src 'self' https://www.google-analytics.com/; style-src 'self' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; base-uri $host www.$host; referrer no-referrer-when-downgrade";

I validated this by running my URL through Analyse your HTTP response headers which validates my headers and returns the values. It properly converts $host to my domain.tld.
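
Added example, not part of the original posts: `$host` is filled from the request, so a request for www.domain.tld turns `base-uri $host www.$host` into `www.domain.tld www.www.domain.tld`. A `map` that strips a leading `www.` renders both names either way; the variable name `$csp_apex`, the capture name `apex` and the conf.d file name are assumptions.

```nginx
# Added example, not from the thread. Names marked "assumed" are illustrative.

# --- http context, e.g. /etc/nginx/conf.d/csp_base.conf (assumed file name) ---
# "map" is only valid at http level, so it cannot go into a domain's
# additional-directives field, which is included inside the server block.
# $host is filled from the request (request line, then Host header, then the
# matching server name), so normalise it before building the policy.
map $host $csp_apex {                  # $csp_apex: assumed variable name
    default                $host;      # apex request: use the name as is
    "~^www\.(?<apex>.+)$"  $apex;      # www request: drop the leading "www."
}

# --- server context: the domain's additional nginx directives ---
# Form from the thread: a request for www.domain.tld renders
#   base-uri www.domain.tld www.www.domain.tld
# add_header Content-Security-Policy "...; base-uri $host www.$host; ...";

# Normalised form: apex and www requests both render
#   base-uri domain.tld www.domain.tld
add_header Content-Security-Policy "default-src 'none'; script-src 'self' https://www.google-analytics.com/; style-src 'self' https://fonts.googleapis.com; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; reflected-xss block; base-uri $csp_apex www.$csp_apex; referrer no-referrer-when-downgrade";
```

Run `nginx -t` before reloading, then compare the header returned for the apex and the www host name, for example with `curl -sI`.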
 