diff options
| author | Rigel Kent <sendmemail@rigelk.eu> | 2018-09-09 22:10:38 +0200 |
|---|---|---|
| committer | Rigel Kent <sendmemail@rigelk.eu> | 2018-09-09 22:10:38 +0200 |
| commit | 6328da8c017cf00d3c0ac8824ec5af128f6db42e (patch) | |
| tree | 462f5c2e705a8013a614c9a0ed4e382ed55032e8 /support/nginx | |
| parent | 20c3a59e2c81bb00be943ccc51efe175c08eaa4e (diff) | |
| download | PeerTube-6328da8c017cf00d3c0ac8824ec5af128f6db42e.tar.gz PeerTube-6328da8c017cf00d3c0ac8824ec5af128f6db42e.tar.zst PeerTube-6328da8c017cf00d3c0ac8824ec5af128f6db42e.zip | |
make HSTS opt-in and leave it to the reverse-proxy
Diffstat (limited to 'support/nginx')
| -rw-r--r-- | support/nginx/peertube | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/support/nginx/peertube b/support/nginx/peertube index 0720dbd97..5d97c0cf1 100644 --- a/support/nginx/peertube +++ b/support/nginx/peertube | |||
| @@ -44,7 +44,11 @@ server { | |||
| 44 | gzip_types text/css text/html application/javascript; | 44 | gzip_types text/css text/html application/javascript; |
| 45 | gzip_vary on; | 45 | gzip_vary on; |
| 46 | 46 | ||
| 47 | add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; | 47 | # Enable HSTS |
| 48 | # Tells browsers to stick with HTTPS and never visit the insecure HTTP | ||
| 49 | # version. Once a browser sees this header, it will only visit the site over | ||
| 50 | # HTTPS for the next 2 years: (read more on hstspreload.org) | ||
| 51 | #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; | ||
| 48 | 52 | ||
| 49 | access_log /var/log/nginx/peertube.example.com.access.log; | 53 | access_log /var/log/nginx/peertube.example.com.access.log; |
| 50 | error_log /var/log/nginx/peertube.example.com.error.log; | 54 | error_log /var/log/nginx/peertube.example.com.error.log; |