summaryrefslogtreecommitdiffstats
path: root/debian/netdata-web.README.Debian
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 14:31:18 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 14:31:18 +0000
commit33bf274e12fc252b226e27a80f7edb0960ea68e5 (patch)
treedc335557085ce47d3e70b3b147f47a7b1857ed51 /debian/netdata-web.README.Debian
parentAdding upstream version 1.37.1. (diff)
downloadnetdata-debian.tar.xz
netdata-debian.zip
Adding debian version 1.37.1-2.debian/1.37.1-2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/netdata-web.README.Debian20
1 files changed, 20 insertions, 0 deletions
diff --git a/debian/netdata-web.README.Debian b/debian/netdata-web.README.Debian
new file mode 100644
index 0000000..6f21e2d
--- /dev/null
+++ b/debian/netdata-web.README.Debian
@@ -0,0 +1,20 @@
+netdata-web for Debian
+======================
+
+1. Content-Security-Policy (CSP)
+--------------------------------
+
+By default netdata uses its own embedded webserver, listening to localhost:19999
+only. When exposing netdata to the network, it is recommended for security
+reasons to use a reverse proxy in front of it, such as apache2 (see
+netdata-apache2 package).
+
+If the proxy wants to set Content-Security-Policy headers, it can use the
+following for netdata (for apache2):
+
+ Header always set Content-Security-Policy "default-src 'unsafe-inline' \
+ http://localhost:19999 https: 'self' 'unsafe-eval'; script-src \
+ 'unsafe-inline' https: 'self' 'unsafe-eval'; style-src https: 'self' \
+ 'unsafe-inline'"
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org> Mon, 12 Aug 2019 20:11:00 +0200