HSTS for SSL Terminated Environments

2017-06-27 17:47:00 -07:00 · 2017-06-27 17:47:00 -07:00 · a03c6c088a
commit a03c6c088a
parent 005ed5243f
1 changed files with 1 additions and 1 deletions
--- a/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
+++ b/controllers/nginx/rootfs/etc/nginx/template/nginx.tmpl
@ -298,7 +298,7 @@ http {
        ssl_certificate_key                     {{ $server.SSLCertificate }};
        {{ end }}

-        {{ if (and (not (empty $server.SSLCertificate)) $cfg.HSTS) }}
+        {{ if (and $cfg.HSTS (or (not (empty $server.SSLCertificate)) $location.Redirect.ForceSSLRedirect)) }}
        more_set_headers                        "Strict-Transport-Security: max-age={{ $cfg.HSTSMaxAge }}{{ if $cfg.HSTSIncludeSubdomains }}; includeSubDomains{{ end }};{{ if $cfg.HSTSPreload }} preload{{ end }}";
        {{ end }}