ISTI-ansible-roles
/
ansible-role-nginx
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Optionally include subdomains in transport security.

This commit is contained in:
Andrea Dell'Amico 2021-07-28 13:36:31 +02:00
parent 61e6de8a06
commit e538066bf4
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
defaults/main.yml
View File

@ -13,6 +13,8 @@ nginx_org_modules: []
# enabled: yes # enabled: yes
# See https://mozilla.github.io/server-side-tls/ssl-config-generator/ # See https://mozilla.github.io/server-side-tls/ssl-config-generator/
nginx_ssl_level: intermediate nginx_ssl_level: intermediate
nginx_strict_transport_security_expire: 15768000
nginx_strict_transport_security_include_subdomains: False
nginx_snippets_dir: /etc/nginx/snippets nginx_snippets_dir: /etc/nginx/snippets

2
templates/nginx-server-ssl.conf.j2
View File

@ -45,5 +45,5 @@ ssl_trusted_certificate {{ letsencrypt_acme_certs_dir }}/fullchain;
{% else %} {% else %}
ssl_trusted_certificate {{ nginx_ssl_fullchain_file | default('/etc/nginx/ssl/cacert.crt') }}; ssl_trusted_certificate {{ nginx_ssl_fullchain_file | default('/etc/nginx/ssl/cacert.crt') }};
{% endif %} {% endif %}
add_header Strict-Transport-Security max-age=15768000; add_header Strict-Transport-Security "max-age={{ nginx_strict_transport_security_expire }}{% if nginx_strict_transport_security_include_subdomains %}; includeSubdomains{% endif %}";
{% endif %} {% endif %}