alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/nginx: Parameterize HSTS header

Browse Source 
This parameterizes the HTTP Strict Transport Security header so we
can use it consistently across all templates. Also, it updates the
max-age to be ~1 year in seconds, which is recommended by Google.

See: https://hstspreload.org/
This commit is contained in:
Alan Orth
2021-03-23 15:36:28 +02:00
parent f85eb2841a
commit 96cefc7f74
4 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/nginx/defaults/main.yml
View File

@ -20,6 +20,10 @@ nginx_ssl_protocols: 'TLSv1.2 TLSv1.3'
# See: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
nginx_ssl_stapling_resolver: '1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]'
# HTTP Strict-Transport-Security header, recommended by Google to be ~1 year
# in seconds, see: https://hstspreload.org/
nginx_hsts_max_age: 31536000
# install acme.sh?
# True unless you're in development and using "localhost" + snakeoil certs
use_letsencrypt: True