From c8351dce299302264c75efab69677fa38a3afe10 Mon Sep 17 00:00:00 2001
From: Mark Heiges
Date: Thu, 21 Apr 2016 12:47:32 -0400
Subject: [PATCH] disable server tokens, secure X-Frame-Options
---
 roles/easyredmine/templates/nginx.conf.j2 | 3 +++
 roles/easyredmine/templates/passenger.conf.j2 | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/roles/easyredmine/templates/nginx.conf.j2 b/roles/easyredmine/templates/nginx.conf.j2
index 707d29e..03ed8cd 100644
--- a/roles/easyredmine/templates/nginx.conf.j2
+++ b/roles/easyredmine/templates/nginx.conf.j2
@@ -23,6 +23,9 @@ server {
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
+ server_tokens off;
+ add_header X-Frame-Options SAMEORIGIN;
+
 root {{ redmine_root_dir }}/public;
 passenger_enabled on;
 client_max_body_size 50M;
diff --git a/roles/easyredmine/templates/passenger.conf.j2 b/roles/easyredmine/templates/passenger.conf.j2
index ae30127..2fa62cf 100644
--- a/roles/easyredmine/templates/passenger.conf.j2
+++ b/roles/easyredmine/templates/passenger.conf.j2
@@ -2,4 +2,4 @@ passenger_root /usr/share/ruby/vendor_ruby/phusion_passenger/locations.ini;
 passenger_ruby /usr/local/rvm/gems/ruby-{{ ruby_version }}/wrappers/ruby;
 passenger_instance_registry_dir /var/run/passenger-instreg;
-
+passenger_show_version_in_header off;
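Review bot: The new `add_header X-Frame-Options SAMEORIGIN;` line has no `always` flag, so nginx attaches the header only to its default set of 2xx/3xx responses and error responses go out without it; on nginx 1.7.5 or later I would write `add_header X-Frame-Options SAMEORIGIN always;`. nginx also stops inheriting server-level `add_header` lines in any `location` that declares its own, and the rest of the `server` block is outside this hunk, so that needs checking against the full template. Separately, the context line `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers TLS 1.0 and 1.1, which a hardening pass like this one could drop.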
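Review bot: `passenger_show_version_in_header off;` removes only the version number; as far as I know the `X-Powered-By` and `Server` headers still name Phusion Passenger, so the product remains identifiable from responses. A short comment above the line would record that limit, for example `# hides the Passenger version only; the product name is still sent`. Version hiding is a small defence-in-depth step and does not replace keeping Passenger and nginx patched.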