Turn on HSTS for taiga.fic.o.

2016-09-09 15:22:22 +00:00 · 2016-09-09 15:22:22 +00:00 · cd0cef7b04
commit cd0cef7b04
parent 0174b51be2
1 changed files with 1 additions and 1 deletions
--- a/roles/taiga/templates/taiga-ssl.nginx
+++ b/roles/taiga/templates/taiga-ssl.nginx
@ -6,7 +6,7 @@ server {
    ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
-    # add_header Strict-Transport-Security "max-age=31536000;";
+    add_header Strict-Transport-Security "max-age=31536000;";
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 180m;
    ssl_prefer_server_ciphers on;