nginx: Enable HSTS
This commit is contained in:
parent
d6e1cd3ffa
commit
3bdbe66fe4
|
@ -63,7 +63,10 @@
|
||||||
lib.recursiveUpdate {
|
lib.recursiveUpdate {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
|
locations."/".proxyPass = "http://127.0.0.1:${toString port}";
|
||||||
|
extraConfig = ''
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
'';
|
||||||
} extra;
|
} extra;
|
||||||
domain = config.services.nginx.domain;
|
domain = config.services.nginx.domain;
|
||||||
in {
|
in {
|
||||||
|
|
Loading…
Reference in a new issue