From 4697c55b67a040f4973a7ed8af59ef3d1dbdac43 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 12 Dec 2020 20:34:03 +0200
Subject: [PATCH] Add security.txt to all domains.

---
 conf.d/global.conf         | 1 +
 snippets/security-txt.conf | 9 +++++++++
 2 files changed, 10 insertions(+)
 create mode 100644 snippets/security-txt.conf

diff --git a/conf.d/global.conf b/conf.d/global.conf
index fe97f48..da15b04 100644
--- a/conf.d/global.conf
+++ b/conf.d/global.conf
@@ -6,3 +6,4 @@ tcp_nodelay     on;
 server_tokens   off;
 include         snippets/common-headers.conf;
 include         snippets/ads-txt.conf;
+include         snippets/security-txt.conf;
diff --git a/snippets/security-txt.conf b/snippets/security-txt.conf
new file mode 100644
index 0000000..c1f0d21
--- /dev/null
+++ b/snippets/security-txt.conf
@@ -0,0 +1,9 @@
+location = /.well-known/security.txt {
+    if ($scheme = http) {
+        return 301 https://$host$request_uri;
+    }
+    if ($scheme = https) {
+        add_header Content-Type "text/plain; charset=utf-8";
+        return 200 "Contact: mailto:security@shore.co.il\nEncryption: https://www.shore.co.il/blog/static/nimrod.asc";
+    }
+}
-- 
GitLab