nginx: Enable HSTS

This commit is contained in:
Tristan Daniël Maat 2021-10-12 13:53:08 +01:00
parent d6e1cd3ffa
commit 3bdbe66fe4
Signed by: tlater
GPG key ID: 49670FD774E43268

View file

@ -63,7 +63,10 @@
lib.recursiveUpdate { lib.recursiveUpdate {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; }; locations."/".proxyPass = "http://127.0.0.1:${toString port}";
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
'';
} extra; } extra;
domain = config.services.nginx.domain; domain = config.services.nginx.domain;
in { in {