From a03c6c088aaef72d30657ba6f415cd92e113ee86 Mon Sep 17 00:00:00 2001
From: Philip Bjorge <philipbjorge@gmail.com>
Date: Tue, 27 Jun 2017 17:47:00 -0700
Subject: [PATCH] HSTS for SSL Terminated Environments

---
 controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
index 59ed85844..62c5c16bb 100644
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@@ -298,7 +298,7 @@ http {
         ssl_certificate_key                     {{ $server.SSLCertificate }};
         {{ end }}
 
-        {{ if (and (not (empty $server.SSLCertificate)) $cfg.HSTS) }}
+        {{ if (and $cfg.HSTS (or (not (empty $server.SSLCertificate)) $location.Redirect.ForceSSLRedirect)) }}
         more_set_headers                        "Strict-Transport-Security: max-age={{ $cfg.HSTSMaxAge }}{{ if $cfg.HSTSIncludeSubdomains }}; includeSubDomains{{ end }};{{ if $cfg.HSTSPreload }} preload{{ end }}";
         {{ end }}