sail: Fix HSTS preload entries
This commit is contained in:
parent
6adbb3bbda
commit
17c445c8e4
5 changed files with 25 additions and 10 deletions
|
@ -51,6 +51,7 @@ in
|
|||
|
||||
extraConfig = ''
|
||||
index index.html;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
'';
|
||||
|
||||
locations."~* \.html$".extraConfig = ''
|
||||
|
|
|
@ -27,6 +27,10 @@
|
|||
forceSSL = true;
|
||||
useACMEHost = "kempkens.io";
|
||||
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
'';
|
||||
|
||||
# php files handling
|
||||
# this regex is mandatory because of the API
|
||||
locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
|
||||
|
|
|
@ -77,6 +77,10 @@ in
|
|||
forceSSL = true;
|
||||
useACMEHost = "kempkens.io";
|
||||
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
'';
|
||||
|
||||
locations."/system/" = {
|
||||
extraConfig = ''
|
||||
rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
|
||||
|
|
|
@ -20,18 +20,20 @@
|
|||
};
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."ntfy.kempkens.io" = {
|
||||
http3 = true;
|
||||
services.nginx.virtualHosts."ntfy.kempkens.io" = {
|
||||
http3 = true;
|
||||
|
||||
forceSSL = true;
|
||||
useACMEHost = "kempkens.io";
|
||||
forceSSL = true;
|
||||
useACMEHost = "kempkens.io";
|
||||
|
||||
locations."/" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://127.0.0.1:8004";
|
||||
};
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
'';
|
||||
|
||||
locations."/" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://127.0.0.1:8004";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -95,6 +95,10 @@
|
|||
forceSSL = true;
|
||||
useACMEHost = "kempkens.io";
|
||||
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
'';
|
||||
|
||||
locations."~ ^(/_matrix|/_synapse/client)" = {
|
||||
recommendedProxySettings = true;
|
||||
proxyPass = "http://127.0.0.1:8008";
|
||||
|
|
Loading…
Reference in a new issue