From 5c7404d22856a332ea4176beb88be3723a6a169e Mon Sep 17 00:00:00 2001 From: Alan Orth Date: Wed, 18 Mar 2015 10:20:55 +0300 Subject: [PATCH] roles/nginx: Correct HSTS header in https template Apparently the "always" syntax isn't used anymore (ever?), not sure where I got it from but this definitely causes HSTS to not work. See: https://mozilla.github.io/server-side-tls/ssl-config-generator/ See: https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html Signed-off-by: Alan Orth --- roles/nginx/templates/https.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/https.j2 b/roles/nginx/templates/https.j2 index df0aa13..d3fabeb 100644 --- a/roles/nginx/templates/https.j2 +++ b/roles/nginx/templates/https.j2 @@ -35,5 +35,5 @@ spdy_headers_comp 6; # Enable this if you want HSTS (recommended, but be careful) - add_header Strict-Transport-Security max-age=15768000 always; + add_header Strict-Transport-Security max-age=15768000;