diff --git a/etc/nginx/conf.d/sites_miniflux.conf b/etc/nginx/conf.d/sites_miniflux.conf
index 285580d..d3e4b28 100644
--- a/etc/nginx/conf.d/sites_miniflux.conf
+++ b/etc/nginx/conf.d/sites_miniflux.conf
@@ -10,7 +10,6 @@ server {
 ssl_certificate_key /etc/letsencrypt/live/miniflux.yourdomain.tld/privkey.pem;
 ssl_trusted_certificate /etc/letsencrypt/live/miniflux.yourdomain.tld/chain.pem;
 
- include snippets/hsts.conf;
 include snippets/security.conf;
 include snippets/cross-origin-security.conf;
 include snippets/quic.conf;
diff --git a/etc/nginx/conf.d/sites_nextcloud.conf b/etc/nginx/conf.d/sites_nextcloud.conf
index 7256189..e447aad 100644
--- a/etc/nginx/conf.d/sites_nextcloud.conf
+++ b/etc/nginx/conf.d/sites_nextcloud.conf
@@ -10,7 +10,6 @@ server {
 ssl_certificate_key /etc/letsencrypt/live/cloud.yourdomain.tld/privkey.pem;
 ssl_trusted_certificate /etc/letsencrypt/live/cloud.yourdomain.tld/chain.pem;
 
- include snippets/hsts.conf;
 include snippets/security.conf;
 include snippets/quic.conf;
 include snippets/proxy.conf;
diff --git a/etc/nginx/conf.d/sites_uptime-kuma.conf b/etc/nginx/conf.d/sites_uptime-kuma.conf
index 741cb11..7b68172 100644
--- a/etc/nginx/conf.d/sites_uptime-kuma.conf
+++ b/etc/nginx/conf.d/sites_uptime-kuma.conf
@@ -10,7 +10,6 @@ server {
 ssl_certificate_key /etc/letsencrypt/live/uptime.yourdomain.tld/privkey.pem;
 ssl_trusted_certificate /etc/letsencrypt/live/uptime.yourdomain.tld/chain.pem;
 
- include snippets/hsts.conf;
 include snippets/security.conf;
 include snippets/cross-origin-security.conf;
 include snippets/quic.conf;
diff --git a/etc/nginx/conf.d/sites_vaultwarden.conf b/etc/nginx/conf.d/sites_vaultwarden.conf
index cd7b078..c734b8b 100644
--- a/etc/nginx/conf.d/sites_vaultwarden.conf
+++ b/etc/nginx/conf.d/sites_vaultwarden.conf
@@ -10,7 +10,6 @@ server {
 ssl_certificate_key /etc/letsencrypt/live/vault.yourdomain.tld/privkey.pem;
 ssl_trusted_certificate /etc/letsencrypt/live/vault.yourdomain.tld/chain.pem;
 
- include snippets/hsts.conf;
 include snippets/security.conf;
 include snippets/cross-origin-security.conf;
 include snippets/quic.conf;
diff --git a/etc/nginx/conf.d/tls.conf b/etc/nginx/conf.d/tls.conf
index 271ad0f..35eaf5b 100644
--- a/etc/nginx/conf.d/tls.conf
+++ b/etc/nginx/conf.d/tls.conf
@@ -19,6 +19,11 @@ ssl_session_ticket_key session-ticket-keys/3.key;
 ssl_session_ticket_key session-ticket-keys/2.key;
 ssl_session_ticket_key session-ticket-keys/1.key;
 
+# Enable HSTS header
+
+proxy_hide_header Strict-Transport-Security;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
 ## The following settings need to be declared manually per vhost:
 # ssl_certificate
 # ssl_certificate_key
diff --git a/etc/nginx/snippets/hsts.conf b/etc/nginx/snippets/hsts.conf
deleted file mode 100644
index 14cca7f..0000000
--- a/etc/nginx/snippets/hsts.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# Enable HSTS header
-# Only add this to server blocks with TLS
-
-proxy_hide_header Strict-Transport-Security;
-add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
\ No newline at end of file
diff --git a/setup.sh b/setup.sh
index 19351a6..b94f6e6 100644
--- a/setup.sh
+++ b/setup.sh
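Review bot: The `add_header Strict-Transport-Security ...` line added in the tls.conf hunk may never reach clients, because nginx inherits `add_header` from an outer level only when the current level defines no `add_header` of its own. Every vhost touched by this commit still includes `snippets/security.conf` (and most also `snippets/cross-origin-security.conf`) inside `server {`; their contents are not visible here, but if they set response headers with `add_header`, the HSTS header from conf.d/tls.conf (presumably loaded at http level) is silently dropped for those sites. `proxy_hide_header` follows the same inheritance rule, so a `proxy_hide_header` in `snippets/proxy.conf` or in a location block would let an upstream's own Strict-Transport-Security value through again. Either keep the two HSTS directives at the same level as the other header snippets, or confirm after reload that `curl -sI https://<vhost>/` shows exactly one Strict-Transport-Security line for each site. The new comment should also record the constraint, for example `# HSTS for all vhosts; only inherited by blocks that define no add_header/proxy_hide_header of their own`.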
@@ -128,7 +128,6 @@ unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main
 unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/conf.d/tls.conf | sudo tee /etc/nginx/conf.d/tls.conf > /dev/null
 
 sudo mkdir -p /etc/nginx/snippets
-unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/snippets/hsts.conf | sudo tee /etc/nginx/snippets/hsts.conf > /dev/null
 unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/snippets/proxy.conf | sudo tee /etc/nginx/snippets/proxy.conf > /dev/null
 unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/snippets/quic.conf | sudo tee /etc/nginx/snippets/quic.conf > /dev/null
 unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/snippets/security.conf | sudo tee /etc/nginx/snippets/security.conf > /dev/null