Verified Commit 2d42be79 authored by Elias Ojala's avatar Elias Ojala
Browse files

HSTS tweaks

parent 5980c7ff
......@@ -125,6 +125,9 @@ filename: `/etc/nginx/snippets/ssl/example.com.conf`
```nginx
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Replace with the domain's HSTS policy
add_header Strict-Transport-Security "max-age=63072000";
```
## SSL params
......@@ -151,7 +154,6 @@ ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000";
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment