Merge pull request #9 from RahulMahale/Enable-HSTS-config-in-nginx

fxn · web-flow · commit bf7fab6ddc47 · 2018-07-24T10:24:44.000+02:00
Add HSTS header config in nginx
diff --git a/config/nginx.conf b/config/nginx.conf
@@ -32,6 +32,7 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS
 
 }
 
@@ -69,7 +70,7 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS
 }
 
 #
@@ -89,6 +90,7 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS
 
 }
 
@@ -110,6 +112,7 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS
 
 }
 

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@ server {`
`32`	`32`	`ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot`
`33`	`33`	`include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot`
`34`	`34`	`ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot`
	`35`	`+ add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS`
`35`	`36`
`36`	`37`	`}`
`37`	`38`
`@@ -69,7 +70,7 @@ server {`
`69`	`70`	`ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot`
`70`	`71`	`include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot`
`71`	`72`	`ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot`
`72`		`-`
	`73`	`+ add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS`
`73`	`74`	`}`
`74`	`75`
`75`	`76`	`#`
`@@ -89,6 +90,7 @@ server {`
`89`	`90`	`ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot`
`90`	`91`	`include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot`
`91`	`92`	`ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot`
	`93`	`+ add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS`
`92`	`94`
`93`	`95`	`}`
`94`	`96`
`@@ -110,6 +112,7 @@ server {`
`110`	`112`	`ssl_certificate_key /etc/letsencrypt/live/api.rubyonrails.org/privkey.pem; # managed by Certbot`
`111`	`113`	`include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot`
`112`	`114`	`ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot`
	`115`	`+ add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;" always; # config to enable HSTS`
`113`	`116`
`114`	`117`	`}`
`115`	`118`