alanorth
/
ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/nginx: Add HTTP Strict Transport Security headers to PHP block 

nginx blocks inherit headers set in blocks above them UNLESS the
current level also sets headers[0]. This was causing PHP requests
to not have STS headers because of the FastCGI cache header which
is set in that block.

[0] http://nginx.org/en/docs/http/ngx_http_headers_module.html

Fixes GitHub #7.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
This commit is contained in:
Alan Orth 2015-03-19 09:25:28 +03:00
parent 04e453df51
commit 934db06887
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
roles/nginx/templates/vhost.conf.j2
View File

@ -66,6 +66,11 @@ server {
# Don't cache when user shift-refreshes (Pragma: no-cache) or when a user is logged in!
fastcgi_cache_bypass $http_pragma $wordpress_logged_in;
fastcgi_no_cache $http_pragma $wordpress_logged_in;
{% if use_https == "yes" %}
# Enable this if you want HSTS (recommended, but be careful)
add_header Strict-Transport-Security max-age=15768000 always;
{% endif %}
}
include extra-security.conf;