daniel/dotfiles
1
0
Fork 0
Code Activity Actions

sail: Fix HSTS preload entries

Browse source
This commit is contained in:
Daniel Kempkens 2023-03-06 23:39:49 +01:00
parent 6adbb3bbda
commit 17c445c8e4
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
5 changed files with 25 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
container/webserver/default.nix
View file

@ -51,6 +51,7 @@ in
extraConfig = '' extraConfig = ''
index index.html; index index.html;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
''; '';
locations."~* \.html$".extraConfig = '' locations."~* \.html$".extraConfig = ''

4
system/nixos/freshrss.nix
View file

@ -27,6 +27,10 @@
forceSSL = true; forceSSL = true;
useACMEHost = "kempkens.io"; useACMEHost = "kempkens.io";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
# php files handling # php files handling
# this regex is mandatory because of the API # this regex is mandatory because of the API
locations."~ ^.+?\.php(/.*)?$".extraConfig = '' locations."~ ^.+?\.php(/.*)?$".extraConfig = ''

4
system/nixos/mastodon.nix
View file

@ -77,6 +77,10 @@ in
forceSSL = true; forceSSL = true;
useACMEHost = "kempkens.io"; useACMEHost = "kempkens.io";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."/system/" = { locations."/system/" = {
extraConfig = '' extraConfig = ''
rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent; rewrite ^/system/?(.*)$ https://mastodon-cdn.kempkens.io/$1 permanent;

22
system/nixos/ntfy-sh.nix
View file

@ -20,18 +20,20 @@
}; };
}; };
services.nginx = { services.nginx.virtualHosts."ntfy.kempkens.io" = {
virtualHosts."ntfy.kempkens.io" = { http3 = true;
http3 = true;
forceSSL = true; forceSSL = true;
useACMEHost = "kempkens.io"; useACMEHost = "kempkens.io";
locations."/" = { extraConfig = ''
recommendedProxySettings = true; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
proxyWebsockets = true; '';
proxyPass = "http://127.0.0.1:8004";
}; locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:8004";
}; };
}; };
} }

4
system/nixos/synapse.nix
View file

@ -95,6 +95,10 @@
forceSSL = true; forceSSL = true;
useACMEHost = "kempkens.io"; useACMEHost = "kempkens.io";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
locations."~ ^(/_matrix|/_synapse/client)" = { locations."~ ^(/_matrix|/_synapse/client)" = {
recommendedProxySettings = true; recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8008"; proxyPass = "http://127.0.0.1:8008";