Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

l websites utils: forceSSL

Browse Source
This commit is contained in:
lassulus 2018-05-07 19:57:44 +02:00
parent c0f7f7bab5
commit e8c4f7c0e4
1 changed files with 3 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lass/2configs/websites/util.nix
View File

@ -16,11 +16,7 @@ rec {
in { in {
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
enableACME = true; enableACME = true;
onlySSL = true; forceSSL = true;
extraConfig = ''
listen 80;
listen [::]:80;
'';
serverAliases = domains; serverAliases = domains;
locations."/".extraConfig = '' locations."/".extraConfig = ''
root /srv/http/${domain}; root /srv/http/${domain};
@ -87,12 +83,9 @@ rec {
in { in {
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true; enableACME = true;
onlySSL = true; forceSSL = true;
serverAliases = domains; serverAliases = domains;
extraConfig = '' extraConfig = ''
listen 80;
listen [::]:80;
# Add headers to serve security related headers # Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
@ -201,12 +194,9 @@ rec {
in { in {
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true; enableACME = true;
onlySSL = true; forceSSL = true;
serverAliases = domains; serverAliases = domains;
extraConfig = '' extraConfig = ''
listen 80;
listen [::]:80;
root /srv/http/${domain}/; root /srv/http/${domain}/;
index index.php; index index.php;
access_log /tmp/nginx_acc.log; access_log /tmp/nginx_acc.log;