From f5874b66a51fe73712729d0dcc18ebb9a55613e6 Mon Sep 17 00:00:00 2001
From: Viyurz <128215328+Viyurz@users.noreply.github.com>
Date: Thu, 23 Nov 2023 13:03:42 +0000
Subject: [PATCH] NGINX RP : HSTS Ajout subDomain & preload
---
 nginx-rp/nginx.conf | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/nginx-rp/nginx.conf b/nginx-rp/nginx.conf
index 079a6a9..a33d8d5 100644
--- a/nginx-rp/nginx.conf
+++ b/nginx-rp/nginx.conf
@@ -49,7 +49,7 @@ http {
 ssl_session_tickets off;
 # HSTS (ngx_http_headers_module is required)
- add_header Strict-Transport-Security "max-age=31536000" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 add_header X-Robots-Tag "noindex, nofollow" always;
 add_header Set-Cookie "Path=/; HttpOnly; Secure";
@@ -172,7 +172,7 @@ http {
 location ~ ^/(config|healthz|stats/errors|stats/checker) {
 proxy_pass http://127.0.0.1:8083;
- add_header Strict-Transport-Security "max-age=31536000" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 add_header Set-Cookie "Path=/; HttpOnly; Secure";
 # Disable some features
 add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
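Review bot: The `preload` and `includeSubDomains` tokens added to the http-level Strict-Transport-Security header at -49/+49 (and to the four location-level copies in the later hunks) are a long-lived commitment that the config does not document. With `includeSubDomains`, every subdomain of the serving host must answer over HTTPS with a valid certificate for the full `max-age`, and once a domain is on a browser preload list, removal is slow to reach users. I would add a comment above the directive such as `# includeSubDomains + preload: all subdomains must serve valid HTTPS; preload-list removal is slow`. Whether this proxy serves the registrable domain itself, which is where `preload` matters, is not visible here. The http block starts and ends outside the hunk.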
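Review bot: The new header value in the location block at -172/+172 is a literal copy of the http-level one, and the same string is repeated again in the `/static/`, `/image_proxy` and `/` locations, so any later change has to touch five places. nginx inherits `add_header` from the outer level only when the current level declares none, so these locations also appear to drop the http-level `X-Robots-Tag` unless it is repeated in lines outside the hunk. Keeping the shared headers in one file and pulling it into each location with `include security-headers.conf;` (file name is a placeholder) would keep the copies in sync. The location block's closing lines are outside the hunk.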
@@ -183,7 +183,7 @@ http {
 location /static/ {
 proxy_pass http://127.0.0.1:8083;
- add_header Strict-Transport-Security "max-age=31536000" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 add_header Set-Cookie "Path=/; HttpOnly; Secure";
 # Disable some features
 add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
@@ -193,7 +193,7 @@ http {
 location /image_proxy {
 proxy_pass http://127.0.0.1:8083;
- add_header Strict-Transport-Security "max-age=31536000" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 add_header Set-Cookie "Path=/; HttpOnly; Secure";
 # Disable some features
 add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
@@ -203,7 +203,7 @@ http {
 location / {
 proxy_pass http://127.0.0.1:8083;
- add_header Strict-Transport-Security "max-age=31536000" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
 add_header Set-Cookie "Path=/; HttpOnly; Secure";
 # Disable some features
 add_header Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
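Review bot: The line `add_header Set-Cookie "Path=/; HttpOnly; Secure";` directly below the changed header in the `/static/` hunk (and in every other hunk of this patch) emits a Set-Cookie header with no name=value pair; it does not add flags to cookies set by the upstream at 127.0.0.1:8083. If the intent is to harden the upstream's cookies, `proxy_cookie_flags ~ secure httponly;` (nginx 1.19.3 or later) does that, and otherwise the line can be dropped. Unlike the HSTS line, it and the Permissions-Policy header lack `always`, so they are not sent on most error responses. The location block continues outside the hunk.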