aboutsummaryrefslogtreecommitdiffhomepage
path: root/support/nginx/peertube
diff options
context:
space:
mode:
authorRigel Kent <sendmemail@rigelk.eu>2020-03-03 11:40:45 +0100
committerRigel Kent <sendmemail@rigelk.eu>2020-03-03 11:40:45 +0100
commit62df8cc1f0787e60e9c697c7d2499a641af2147f (patch)
tree52cf27be33bde014b5ef9fa4b286f4e3c43bb4dc /support/nginx/peertube
parent3729e048a9745cc5cd514c66f874f566e41415d4 (diff)
downloadPeerTube-62df8cc1f0787e60e9c697c7d2499a641af2147f.tar.gz
PeerTube-62df8cc1f0787e60e9c697c7d2499a641af2147f.tar.zst
PeerTube-62df8cc1f0787e60e9c697c7d2499a641af2147f.zip
Reword HSTS configuration to warn user of nginx's add_header shortcomings
Diffstat (limited to 'support/nginx/peertube')
-rw-r--r--support/nginx/peertube8
1 files changed, 2 insertions, 6 deletions
diff --git a/support/nginx/peertube b/support/nginx/peertube
index 50d3a919f..14e60ed7d 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -33,6 +33,8 @@ server {
33 ssl_session_tickets off; # Requires nginx >= 1.5.9 33 ssl_session_tickets off; # Requires nginx >= 1.5.9
34 ssl_stapling on; # Requires nginx >= 1.3.7 34 ssl_stapling on; # Requires nginx >= 1.3.7
35 ssl_stapling_verify on; # Requires nginx => 1.3.7 35 ssl_stapling_verify on; # Requires nginx => 1.3.7
36 # HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
37 #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
36 38
37 # Configure with your resolvers 39 # Configure with your resolvers
38 # resolver $DNS-IP-1 $DNS-IP-2 valid=300s; 40 # resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
@@ -49,12 +51,6 @@ server {
49 # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path 51 # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
50 # client_body_temp_path /var/www/peertube/storage/nginx/; 52 # client_body_temp_path /var/www/peertube/storage/nginx/;
51 53
52 # Enable HSTS
53 # Tells browsers to stick with HTTPS and never visit the insecure HTTP
54 # version. Once a browser sees this header, it will only visit the site over
55 # HTTPS for the next 2 years: (read more on hstspreload.org)
56 #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
57
58 access_log /var/log/nginx/peertube.example.com.access.log; 54 access_log /var/log/nginx/peertube.example.com.access.log;
59 error_log /var/log/nginx/peertube.example.com.error.log; 55 error_log /var/log/nginx/peertube.example.com.error.log;
60 56