diff --git a/Dockerfile b/Dockerfile
index fb9a9f7358bddbebf938a7614a80b35ac12d23d3..b0e3f35071c7c46d70fdd7f1155ef13c3728103b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,7 @@
-FROM swr.cn-north-4.myhuaweicloud.com/opensourceway/openeuler/nginx-hugo:1.24.0-22.03-lts-sp1-0.121.1
+FROM swr.cn-north-4.myhuaweicloud.com/opensourceway/openeuler/nginx-hugo:latest
+
+RUN yum update -y \
+ && yum install -y pcre-devel
RUN git config --global http.postBuffer 1048576000 && \
git config --global https.postBuffer 1048576000
diff --git a/config.toml b/config.toml
index 4e8b0ce43882c267c8ba33b4d71fdf6dca5e8dcb..f02a40a72d961c8aab92ae138d367c336c74a429 100644
--- a/config.toml
+++ b/config.toml
@@ -136,7 +136,7 @@ paginate = 10
defaultKeywords = ["devows", "hugo", "go", "openGauss"]
author = "Site template made by devcows Modified by openGauss team"
defaultDescription = "Select the version and chapter of the openGauss documentation you want to view."
- email = "contact@opengauss.org"
+ email = "contact@public.opengauss.org"
### DOC Configurations
BookRepo = 'https://gitee.com/opengauss/docs/tree/website-v2/'
diff --git a/deploy/nginx.conf b/deploy/nginx.conf
index 056bfbf4ce888549702a4233eda478b51a5dbd50..8a9f28535af78c6266e4ebefe399af98b546f846 100644
--- a/deploy/nginx.conf
+++ b/deploy/nginx.conf
@@ -66,13 +66,34 @@ http {
server_name localhost;
charset utf-8;
limit_conn perserver 50;
- if ($request_method = 'OPTIONS') {
- return 401;
+
+ if ($request_method !~ ^(GET|HEAD|POST)$) {
+ return 444;
}
+
location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header Content-Security-Policy "script-src 'self' https://hm.baidu.com https://unpkg.com/@opensig/ 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-src 'none'";
+ add_header Cache-Control "no-cache,no-store,must-revalidate";
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+ add_header Pragma no-cache;
+ add_header Expires 0;
+
+ location ~* ^/(css|js|img)(/|$) {
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+ add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-src 'none'";
+ add_header Cache-Control "public,max-age=1209600";
+ expires 14d;
+ }
+
+ root /usr/share/nginx/html;
+ index index.html index.htm;
}
error_page 404 /zh/404.html;
@@ -81,12 +102,21 @@ http {
root /usr/share/nginx/html;
}
- location /api-search/ {
+ location /api-search/ {
proxy_pass https://doc-search-opengauss.osinfra.cn/;
}
- location /api-dsapi/ {
+ location /api-dsapi/ {
proxy_pass https://dsapi.osinfra.cn/;
+
+ proxy_set_header X-Forwarded-For $http_x_real_ip;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+ add_header Content-Security-Policy "script-src 'self'; object-src 'none'; frame-src 'none'";
+ add_header Cache-Control "no-cache,no-store,must-revalidate";
+ add_header Pragma no-cache;
+ add_header Expires 0;
}
location ~ /\. {
diff --git a/layouts/partials/float-popup.html b/layouts/partials/float-popup.html
index ce3f88f9b7711319a5337cdadb9a7d6babfe9804..a17e9db3794eec0849a5e685d2765a83e145df1d 100644
--- a/layouts/partials/float-popup.html
+++ b/layouts/partials/float-popup.html
@@ -26,8 +26,8 @@
感谢您的反馈,如需帮助可联系contact@opengauss.org
+ href="mailto:contact@public.opengauss.org"
+ >contact@public.opengauss.org
diff --git a/layouts/partials/float.html b/layouts/partials/float.html
index ad9184564ce04b2b864ee211e0494d4846de8921..b347eee4ae3de0c5263bbf77cbfcce8518f79639 100644
--- a/layouts/partials/float.html
+++ b/layouts/partials/float.html
@@ -22,7 +22,7 @@
{{i18n "copy_right"}}
- 
- 
- 
- 
- 
- 
- 