CU-cunmby Added nginx mod_security to http role

ansible/roles/http/files/nginx/nginx.conf

@@ -1,14 +1,17 @@
 user http;
 worker_processes  1;
 
-error_log  /var/log/nginx/error.log;
+load_module /usr/lib/nginx/modules/ngx_http_modsecurity_module.so;
+
+error_log  /var/log/nginx/error.log info;
 
 events {
   worker_connections  1024;
 }
 
 http {
-  include       mime.types;
+  include mime.types;
+
   default_type  application/octet-stream;
 
   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
@@ -18,6 +21,7 @@ http {
   access_log  /var/log/nginx/access.log  main;
 
   sendfile        on;
+  server_tokens   off;
   #tcp_nopush     on;
 
   keepalive_timeout 65;
@@ -25,6 +29,11 @@ http {
   gzip on;
   gzip_disable "mise6";
 
+  client_body_buffer_size     1k;
+  client_header_buffer_size   1k;
+  client_max_body_size        2k;
+  large_client_header_buffers 2 1k;
+
   add_header X-Frame-Options SAMEORIGIN;
   add_header X-Content-Type-Options nosniff;
   add_header X-XSS-Protection "1; mode=block";