web: Add ENABLE_HSTS flag to disable strict-transport-security header

pull/899/head
Cosmo Myzrail Gorynych aka CoMiGo 4 years ago committed by GitHub
parent f8560371f5
commit 0b2514101c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      docker-compose.yml
  2. 5
      env.example
  3. 2
      web/rootfs/defaults/ssl.conf

@ -14,6 +14,7 @@ services:
environment:
- ENABLE_LETSENCRYPT
- ENABLE_HTTP_REDIRECT
- ENABLE_HSTS
- ENABLE_XMPP_WEBSOCKET
- DISABLE_HTTPS
- LETSENCRYPT_DOMAIN

@ -364,6 +364,11 @@ JIBRI_LOGS_DIR=/config/logs
# Necessary for Let's Encrypt, relies on standard HTTPS port (443)
#ENABLE_HTTP_REDIRECT=1
# Send a `strict-transport-security` header to force browsers to use
# a secure and trusted connection. Recommended for production use.
# Defaults to 1 (send the header).
# ENABLE_HSTS=1
# Enable IPv6
# Provides means to disable IPv6 in environments that don't support it (get with the times, people!)
#ENABLE_IPV6=1

@ -23,4 +23,6 @@ ssl_prefer_server_ciphers off;
ssl_dhparam /defaults/ffdhe2048.txt;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
{{ if .Env.ENABLE_HSTS | default "1" | toBool }}
add_header Strict-Transport-Security "max-age=63072000" always;
{{ end }}

Loading…
Cancel
Save