Merge HSTS headers with TLS config

etc/nginx/conf.d/sites_miniflux.conf

@@ -10,7 +10,6 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/miniflux.yourdomain.tld/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/miniflux.yourdomain.tld/chain.pem;
 
-    include snippets/hsts.conf;
     include snippets/security.conf;
     include snippets/cross-origin-security.conf;
     include snippets/quic.conf;

etc/nginx/conf.d/sites_nextcloud.conf

@@ -10,7 +10,6 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/cloud.yourdomain.tld/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/cloud.yourdomain.tld/chain.pem;
 
-    include snippets/hsts.conf;
     include snippets/security.conf;
     include snippets/quic.conf;
     include snippets/proxy.conf;

etc/nginx/conf.d/sites_uptime-kuma.conf

@@ -10,7 +10,6 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/uptime.yourdomain.tld/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/uptime.yourdomain.tld/chain.pem;
 
-    include snippets/hsts.conf;
     include snippets/security.conf;
     include snippets/cross-origin-security.conf;
     include snippets/quic.conf;

etc/nginx/conf.d/sites_vaultwarden.conf

@@ -10,7 +10,6 @@ server {
     ssl_certificate_key /etc/letsencrypt/live/vault.yourdomain.tld/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/vault.yourdomain.tld/chain.pem;
 
-    include snippets/hsts.conf;
     include snippets/security.conf;
     include snippets/cross-origin-security.conf;
     include snippets/quic.conf;

etc/nginx/conf.d/tls.conf

@@ -19,6 +19,11 @@ ssl_session_ticket_key session-ticket-keys/3.key;
 ssl_session_ticket_key session-ticket-keys/2.key;
 ssl_session_ticket_key session-ticket-keys/1.key;
 
+# Enable HSTS header
+
+proxy_hide_header Strict-Transport-Security;
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+
 ## The following settings need to be declared manually per vhost:
 # ssl_certificate
 # ssl_certificate_key

etc/nginx/snippets/hsts.conf

@@ -1,5 +0,0 @@
-# Enable HSTS header
-# Only add this to server blocks with TLS
-
-proxy_hide_header Strict-Transport-Security;
-add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

setup.sh

@@ -128,7 +128,6 @@ unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main
 unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/conf.d/tls.conf | sudo tee /etc/nginx/conf.d/tls.conf > /dev/null
 
 sudo mkdir -p /etc/nginx/snippets
-unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/snippets/hsts.conf | sudo tee /etc/nginx/snippets/hsts.conf > /dev/null
 unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/snippets/proxy.conf | sudo tee /etc/nginx/snippets/proxy.conf > /dev/null
 unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/snippets/quic.conf | sudo tee /etc/nginx/snippets/quic.conf > /dev/null
 unpriv curl -s https://raw.githubusercontent.com/TommyTran732/NGINX-Configs/main/etc/nginx/snippets/security.conf | sudo tee /etc/nginx/snippets/security.conf > /dev/null