path: root/debian/netdata-web.README.Debian
author Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-19 02:58:04 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-19 02:58:04 +0000
commit 89f8d515746f459d7ca8e6261bd590bd1b4602bd (patch)
tree e419fa4503aef64498a4e74697f5b35b26e9c8d6 /debian/netdata-web.README.Debian
parent Adding upstream version 1.44.3. (diff)
Adding debian version 1.44.3-2. [debian/1.44.3-2] [debian]
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/netdata-web.README.Debian')
-rw-r--r-- debian/netdata-web.README.Debian 20
1 files changed, 20 insertions, 0 deletions
diff --git a/debian/netdata-web.README.Debian b/debian/netdata-web.README.Debian
new file mode 100644
index 00000000..6f21e2d8
--- /dev/null
+++ b/debian/netdata-web.README.Debian
@@ -0,0 +1,20 @@
+netdata-web for Debian
+======================
+
+1. Content-Security-Policy (CSP)
+--------------------------------
+
+By default netdata uses its own embedded webserver, listening to localhost:19999
+only. When exposing netdata to the network, it is recommended for security
+reasons to use a reverse proxy in front of it, such as apache2 (see
+netdata-apache2 package).
+
+If the proxy wants to set Content-Security-Policy headers, it can use the
+following for netdata (for apache2):
+
+ Header always set Content-Security-Policy "default-src 'unsafe-inline' \
+ http://localhost:19999 https: 'self' 'unsafe-eval'; script-src \
+ 'unsafe-inline' https: 'self' 'unsafe-eval'; style-src https: 'self' \
+ 'unsafe-inline'"
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org> Mon, 12 Aug 2019 20:11:00 +0200
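Review bot: The `script-src` in the suggested header (`'unsafe-inline' https: 'self' 'unsafe-eval'`) permits inline script, eval and script loaded from any HTTPS origin, so as written the policy gives almost no protection against script injection. The README should say that this is a compatibility policy for the dashboard rather than a hardening one, and state which of these sources the dashboard actually needs so that administrators can drop the rest. The `http://localhost:19999` source in `default-src` is evaluated by the visitor's browser, so behind a reverse proxy it refers to the visitor's own machine and not to the netdata backend; either remove it or explain why it is listed. Because `default-src` is not a fallback for `frame-ancestors`, `base-uri` or `form-action`, it is worth mentioning those directives as well. Minor wording point in the first paragraph: "listening to localhost:19999" should read "listening on localhost:19999".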