
sail: Fix HSTS preload entries

Daniel Kempkens 2023-03-06 23:39:49 +01:00
parent 6adbb3bbda
commit 17c445c8e4
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
5 changed files with 25 additions and 10 deletions


@ -51,6 +51,7 @@ in
extraConfig = ''
index index.html;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."~* \.html$".extraConfig = ''
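Review bot: nginx inherits `add_header` from the server level only into locations that declare no `add_header` of their own, so the header added in this `extraConfig` may not reach responses served by `locations."~* \.html$"` if that location's `extraConfig` sets any header. Its body lies outside the hunk, so this is unverified here. If it does set one, repeat `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;` inside that location as well. The same check applies to the location blocks that follow the additions in the other four files.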


@ -27,6 +27,10 @@
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
# php files handling
# this regex is mandatory because of the API
locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
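Review bot: The identical `add_header Strict-Transport-Security …` literal is now pasted into five virtual hosts, so a later change to `max-age` or the directive list has to be made in five places and a missed one leaves that host with a weaker policy. Defining the string once (a shared `let` binding or a small common module that the vhosts reference from `extraConfig`) would keep the hosts in step. A short comment such as `# HSTS: must match the policy served on the apex domain` above the line would also explain why `preload` appears on a subdomain. The enclosing virtual host starts and ends outside this hunk.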


@ -77,6 +77,10 @@ in
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/system/" = {
extraConfig = ''
rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;


@ -20,18 +20,20 @@
};
};
services.nginx = {
virtualHosts."ntfy.kempkens.io" = {
http3 = true;
services.nginx.virtualHosts."ntfy.kempkens.io" = {
http3 = true;
forceSSL = true;
useACMEHost = "kempkens.io";
forceSSL = true;
useACMEHost = "kempkens.io";
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:8004";
};
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:8004";
};
};
}
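Review bot: `add_header` appends to the headers passed through from a proxied upstream rather than replacing them, so if the service behind `proxyPass = "http://127.0.0.1:8004"` already emits its own Strict-Transport-Security, clients receive two copies and, per RFC 6797, honour only the first. Whether this upstream sets the header is not visible here. If it does, add `proxy_hide_header Strict-Transport-Security;` to the `locations."/"` block so that only the nginx-defined policy is sent. The same applies to the proxied hosts in the other files, for example the one forwarding to `http://127.0.0.1:8008`.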


@ -95,6 +95,10 @@
forceSSL = true;
useACMEHost = "kempkens.io";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."~ ^(/_matrix|/_synapse/client)" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8008";