
How to use Nginx reverse proxy to limit external calls inside web-browser

Use an Nginx reverse proxy to add a Content-Security-Policy header that stops a web application from phoning home or loading external analytics from inside the web browser.

Set a Content-Security-Policy for Netdata to stop its dashboard from calling home.

# Minimal nginx front end for the Netdata dashboard. Every response carries a
# restrictive Content-Security-Policy, so the browser refuses to load or
# contact other origins while the dashboard is open.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    # Access log line: client address, user, time, request, status, body size,
    # referer, user agent and the X-Forwarded-For request header.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    server {
        # Plain HTTP on port 80 as the catch-all server: whoever can reach this
        # port can reach the proxied dashboard.
        # NOTE(review): no allow/deny, auth_basic or TLS is configured here;
        # add them before exposing this beyond a trusted network.
        listen 80 default_server;
        server_name _;

        # Drop any CSP header sent by the upstream so that the browser sees
        # only the policy defined below.
        proxy_hide_header Content-Security-Policy;

        # default-src 'self' is the fallback for every fetch directive that is
        # not listed (connect-src, img-src, font-src, ...), so the browser
        # blocks requests to other origins. 'unsafe-inline' still permits
        # inline script and style, which weakens the XSS protection CSP would
        # otherwise give; presumably the dashboard needs it.
        # "always" attaches the header to error responses as well.
        # Caveats: add_header is inherited by a location only while that
        # location declares no add_header of its own, and CSP is enforced by
        # the browser only; it does not restrict connections that the backend
        # process opens itself.
        add_header Content-Security-Policy "default-src 'self'; script-src 'self'  'unsafe-inline'; style-src 'self' 'unsafe-inline';" always;

        location / {
            # Upstream is the service bound to loopback port 19999.
            proxy_pass http://127.0.0.1:19999/;
        }
    }
}

Set a Content-Security-Policy for RestyaBoard to stop external calls (apart from the Google Fonts hosts that the policy explicitly allows).

# Minimal nginx front end for RestyaBoard. Every response carries a
# Content-Security-Policy that confines the browser to this origin plus the
# two Google Fonts hosts listed in the policy.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    # Access log line: client address, user, time, request, status, body size,
    # referer, user agent and the X-Forwarded-For request header.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    server {
        # Plain HTTP on port 80 as the catch-all server: whoever can reach this
        # port can reach the proxied application.
        # NOTE(review): no allow/deny, auth_basic or TLS is configured here;
        # add them before exposing this beyond a trusted network.
        listen 80 default_server;
        server_name _;

        # Drop any CSP header sent by the upstream so that the browser sees
        # only the policy defined below.
        proxy_hide_header Content-Security-Policy;

        # default-src 'self' is the fallback for every fetch directive that is
        # not listed (connect-src, img-src, ...). script-src additionally
        # allows 'unsafe-inline' and 'unsafe-eval', so inline script and
        # eval() keep working and CSP offers little XSS protection here.
        # style-src and font-src whitelist the Google Fonts hosts over plain
        # http, so the browser still contacts those two hosts.
        # "always" attaches the header to error responses as well.
        # Caveats: add_header is inherited by a location only while that
        # location declares no add_header of its own, and CSP is enforced by
        # the browser only; it does not restrict connections that the backend
        # process opens itself.
        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com/;font-src 'self' http://fonts.gstatic.com/;" always;

        location / {
            # NOTE(review): this upstream is identical to the one in the
            # Netdata example (loopback port 19999); confirm the address and
            # port RestyaBoard actually listens on.
            proxy_pass http://127.0.0.1:19999/;
        }
    }
}

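This is really useful, as it lets you easily stop external calls from inside a web browser. Keep in mind that the browser enforces the policy, so it covers only requests made by the page, not connections that the server-side application opens itself.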