sail: Fix HSTS preload entries
This commit is contained in:
parent
6adbb3bbda
commit
17c445c8e4
5 changed files with 25 additions and 10 deletions
|
@ -51,6 +51,7 @@ in
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
index index.html;
|
index index.html;
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
'';
|
'';
|
||||||
|
|
||||||
locations."~* \.html$".extraConfig = ''
|
locations."~* \.html$".extraConfig = ''
|
||||||
|
|
|
@ -27,6 +27,10 @@
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "kempkens.io";
|
useACMEHost = "kempkens.io";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
|
'';
|
||||||
|
|
||||||
# php files handling
|
# php files handling
|
||||||
# this regex is mandatory because of the API
|
# this regex is mandatory because of the API
|
||||||
locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
|
locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
|
||||||
|
|
|
@ -77,6 +77,10 @@ in
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "kempkens.io";
|
useACMEHost = "kempkens.io";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
|
'';
|
||||||
|
|
||||||
locations."/system/" = {
|
locations."/system/" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
|
rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;
|
||||||
|
|
|
@ -20,18 +20,20 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx.virtualHosts."ntfy.kempkens.io" = {
|
||||||
virtualHosts."ntfy.kempkens.io" = {
|
http3 = true;
|
||||||
http3 = true;
|
|
||||||
|
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "kempkens.io";
|
useACMEHost = "kempkens.io";
|
||||||
|
|
||||||
locations."/" = {
|
extraConfig = ''
|
||||||
recommendedProxySettings = true;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
proxyWebsockets = true;
|
'';
|
||||||
proxyPass = "http://127.0.0.1:8004";
|
|
||||||
};
|
locations."/" = {
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
proxyWebsockets = true;
|
||||||
|
proxyPass = "http://127.0.0.1:8004";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -95,6 +95,10 @@
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "kempkens.io";
|
useACMEHost = "kempkens.io";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||||
|
'';
|
||||||
|
|
||||||
locations."~ ^(/_matrix|/_synapse/client)" = {
|
locations."~ ^(/_matrix|/_synapse/client)" = {
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
proxyPass = "http://127.0.0.1:8008";
|
proxyPass = "http://127.0.0.1:8008";
|
||||||
|
|
Loading…
Reference in a new issue