From 6328da8c017cf00d3c0ac8824ec5af128f6db42e Mon Sep 17 00:00:00 2001
From: Rigel Kent
Date: Sun, 9 Sep 2018 22:10:38 +0200
Subject: make HSTS opt-in and leave it to the reverse-proxy
---
 support/nginx/peertube | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'support/nginx/peertube')
diff --git a/support/nginx/peertube b/support/nginx/peertube
index 0720dbd97..5d97c0cf1 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -44,7 +44,11 @@ server {
 gzip_types text/css text/html application/javascript;
 gzip_vary on;
- add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+ # Enable HSTS
+ # Tells browsers to stick with HTTPS and never visit the insecure HTTP
+ # version. Once a browser sees this header, it will only visit the site over
+ # HTTPS for the next 2 years: (read more on hstspreload.org)
+ #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 access_log /var/log/nginx/peertube.example.com.access.log;
 error_log /var/log/nginx/peertube.example.com.error.log;
-- 
cgit v1.2.3
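Review bot: The new comment above the commented-out `add_header` explains only `max-age`, yet the line an admin will uncomment also carries `includeSubDomains` and `preload`, which extend the policy to every subdomain of the host and signal consent to browser preload lists, where removal is slow. I would add a line such as `# includeSubDomains covers every subdomain and preload is slow to undo; remove both unless all subdomains serve HTTPS.` just before the directive. When the header is enabled, `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;` would also send it on error responses, which plain `add_header` skips. The `server` block starts and ends outside this hunk, so whether its `location` blocks define their own `add_header` (which would stop this server-level header from being inherited there) cannot be checked from here.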