nginx: HSTS: subdomains & preload

This commit is contained in:
Aminda Suomalainen 2015-07-22 12:55:51 +03:00
parent ff94369b6d
commit 2ba606cce6
3 changed files with 7 additions and 1 deletions

View File

@ -31,7 +31,7 @@ server {
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
# Enable this if your want HSTS (recommended) # Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security max-age=15768000; add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
# OCSP Stapling --- # OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them # fetch OCSP records from URL in ssl_certificate and cache them

View File

@ -4,6 +4,9 @@ server {
listen 443; listen 443;
listen [::]:443; listen [::]:443;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
server_name something.example.org; server_name something.example.org;
# NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf # NOTE: For X-Real-IP & X-Forwarded-For see ../conf.d/rproxy.conf

View File

@ -6,6 +6,9 @@ server {
listen 443; listen 443;
listen [::]:443; listen [::]:443;
# Enable this if your want HSTS (recommended)
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
root /var/www/vhostdir; root /var/www/vhostdir;
index index.php index.html index.htm; index index.php index.html index.htm;