roles/nginx: Parameterize HSTS header

This parameterizes the HTTP Strict Transport Security header so we can use it consistently across all templates. Also, it updates the max-age to be ~1 year in seconds, which is recommended by Google. See: https://hstspreload.org/
2021-03-23 15:36:28 +02:00
parent f85eb2841a
commit 96cefc7f74
4 changed files with 8 additions and 4 deletions
--- a/roles/nginx/templates/https.j2
+++ b/roles/nginx/templates/https.j2
@ -51,5 +51,5 @@
    # Enable this if you want HSTS (recommended, but be careful)
    # Include all subdomains and indicate to Google that we want this pre-loaded in Chrome's HSTS store
    # See: https://hstspreload.appspot.com/
-    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
+    add_header Strict-Transport-Security "max-age={{ nginx_hsts_max_age }}; includeSubDomains; preload" always;
    {% endif %}