Add sample configuration

sample-configurations/README.md

@@ -0,0 +1,5 @@
+# Sample Configurations
+
+These are sample cofigutations for some common stacks.
+
+I am writing these for convenience and to do demos. I do not actually use them in production, so they will not be maintained properly like the main configurations.

sample-configurations/snippets/security-drupal-no-proxy.conf

@@ -0,0 +1,16 @@
+# Drupal Configuration
+
+# Drupal sets  X-Frame-Options and X-Content-Type-Options by itself. 
+# If you are not using a reverse proxy and just serve the files by NGINX itself, use this configuration.
+
+# We do not set clipboard-write() here, because it is very commonly used
+proxy_hide_header Strict-Transport-Security;
+add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), bluetooth=(), browsing-topics=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
+
+proxy_hide_header Permissions-Policy;
+add_header Referrer-Policy "same-origin" always;
+
+# Obsolete and replaced by Content-Security-Policy
+# Only here to pass Hardenize checks
+proxy_hide_header X-XSS-Protection;
+add_header X-XSS-Protection "0" always;