NGINX Security Headers

Oct 12, 2017
Hi there,
Today I successfully implemented the security headers for:

• X-Content-Type-Options
• X-XSS-Protection
• Referrer-Policy
• Strict-Transport-Security

But the last two headers, Content-Security-Policy and X-Frame-Options, have been breaking my head all afternoon.
For X-Frame-Options I tried all possibilities, but it seems that once it is set the shell no longer works; the same goes for Content-Security-Policy. Is there a recommendation for these two headers for Proxmox?
 
Oct 12, 2017
X-Frame-Options
SAMEORIGIN: the shell is gray, nothing happens
ALLOW-FROM https://example.com/
I tried localhost, localhost:8006, 127.0.0.1, 127.0.0.1:8006, also port 5900, URL, public IP etc.
Every time I enable that header the shell in Proxmox stays gray; I have to disable that header again.
 

Roger Kunz

New Member
Apr 18, 2019
Hey,

I know it's a little bit late but in case anyone is seeing this who is having the same problem:
I had the same problem today and found a solution. When defining the 'Content-Security-Policy' you have to make sure you're setting the two values 'unsafe-eval' and 'unsafe-inline' in order to access Proxmox.

My complete CSP string:
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' fonts.gstatic.com data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';

From this point on you should be able to access Proxmox.
The next problem I had was: I couldn't connect to the NoVNC Consoles.
Make sure you've set these 3 parameters in your location{} part:
proxy_set_header Host $host;
proxy_set_header Connection "";
proxy_set_header Upgrade $http_upgrade;

If anyone needs some more help or wants to see my complete NGINX Configuration, please let me know.
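
An added example, not part of the thread and not Proxmox's own tooling: a small Python audit of the CSP string quoted in the post above. It lists which fetch directives end up allowing broad sources and which directives that never inherit from default-src (including frame-ancestors, the CSP counterpart of X-Frame-Options) are left unset. The function names and the set of sources treated as broad are assumptions made for this illustration.

```python
# Added example (not from the thread): list the broad sources a CSP allows.
FETCH = ("script-src", "style-src", "img-src", "font-src", "connect-src",
         "media-src", "frame-src", "object-src")  # these fall back to default-src
NO_FALLBACK = ("frame-ancestors", "form-action", "base-uri")  # never inherit default-src
BROAD = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "blob:"}  # assumed set
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

# The CSP string quoted in the post above.
POSTED_CSP = ("default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; "
              "style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; "
              "font-src 'self' fonts.gstatic.com data:; media-src *; connect-src *; "
              "object-src 'none'; base-uri 'self';")

def parse_csp(policy):
    """Split a policy into {directive: [sources]}; a repeated directive is ignored."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives

def audit(policy):
    """Return {fetch directive: sorted broad sources it effectively allows}."""
    directives = parse_csp(policy)
    findings = {}
    for name in FETCH:
        # Simplification: frame-src's intermediate child-src fallback is not modelled.
        sources = directives.get(name, directives.get("default-src"))
        if sources is None:
            findings[name] = ["unrestricted"]  # no directive and no default-src
            continue
        broad = BROAD.intersection(sources)
        # Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
        if any(s.startswith(HASH_OR_NONCE) for s in sources):
            broad.discard("'unsafe-inline'")
        if broad:
            findings[name] = sorted(broad)
    return findings

def missing_no_fallback(policy):
    """Directives that default-src does not cover and the policy leaves unset."""
    directives = parse_csp(policy)
    return [name for name in NO_FALLBACK if name not in directives]

if __name__ == "__main__":
    for name, sources in audit(POSTED_CSP).items():
        print(f"{name}: {' '.join(sources)}")
    print("not set:", ", ".join(missing_no_fallback(POSTED_CSP)))
```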
 
