From f523e5335f7f6bf95d6174039cb512aeca75af65 Mon Sep 17 00:00:00 2001 From: Clement Michaud Date: Sun, 15 Oct 2017 17:18:15 +0200 Subject: [PATCH] Use HSTS in example --- example/nginx/nginx.conf | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/example/nginx/nginx.conf b/example/nginx/nginx.conf index 5e8a0496..5c215025 100644 --- a/example/nginx/nginx.conf +++ b/example/nginx/nginx.conf @@ -30,6 +30,7 @@ http { ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; location / { proxy_set_header X-Original-URI $request_uri; @@ -58,6 +59,8 @@ http { ssl on; ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; + + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; } server { @@ -70,6 +73,8 @@ http { ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + location /auth_verify { internal; proxy_set_header X-Original-URI $request_uri; @@ -124,6 +129,8 @@ http { ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + location /auth_verify { internal; proxy_set_header X-Original-URI $request_uri; @@ -161,6 +168,8 @@ http { ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + location /auth_verify { internal; proxy_set_header X-Original-URI $request_uri; @@ -198,6 +207,8 @@ http { ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + location /auth_verify { internal; proxy_set_header X-Original-URI $request_uri; @@ -235,6 +246,8 @@ http { ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/server.key; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + location /auth_verify { internal; proxy_set_header X-Original-URI $request_uri;