security: upgrade Gitea to 1.25.4, add security headers
Some checks failed
Build and Deploy GooSeek / build-and-deploy (push) Has been cancelled
Some checks failed
Build and Deploy GooSeek / build-and-deploy (push) Has been cancelled
- Update Gitea from 1.22.6 to 1.25.4 (fixes CVE-2026-20736, CVE-2026-20912) - Disable public registration - Disable Swagger API - Add nginx-ingress security headers: - X-Content-Type-Options: nosniff - X-XSS-Protection: 1; mode=block - Referrer-Policy: strict-origin-when-cross-origin - Permissions-Policy - Enable HSTS preload - Reorganize Gitea K8s manifests into gitea/ directory Made-with: Cursor
This commit is contained in:
home
29
backend/deploy/k8s/gitea/ingress.yaml
Normal file
29
backend/deploy/k8s/gitea/ingress.yaml
Normal file
@@ -0,0 +1,29 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: gitea-ingress
|
||||
namespace: gitea
|
||||
annotations:
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "100m"
|
||||
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
|
||||
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
nginx.ingress.kubernetes.io/server-snippet: ""
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
tls:
|
||||
- hosts:
|
||||
- git.gooseek.ru
|
||||
secretName: gitea-tls
|
||||
rules:
|
||||
- host: git.gooseek.ru
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: gitea-http
|
||||
port:
|
||||
number: 3000
|
||||
Reference in New Issue
Block a user