update

2026-06-05 12:40:41 +08:00 · 2026-06-05 12:40:41 +08:00 · 5d83656f2f
commit 5d83656f2f
parent c526d8ae0d
3 changed files with 12 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -14,6 +14,8 @@ In server block:
 ```nginx
 server {
 	# ...
+	include snippets/cert/mydomain.com.conf;
+	include	kit/ssl/hsts.conf;
 	include	kit/ssl/force.conf;
 	# ...
 }
@ -38,4 +40,10 @@ server {
 	include snippets/cert/mydomain.com.conf;
 	# ...
 }
-```
+```
+
+### SSL snippets
+
+- `kit/ssl/security.conf`: TLS protocol and session resumption settings.
+- `kit/ssl/hsts.conf`: HSTS header for HTTPS responses.
+- `kit/ssl/force.conf`: Redirect HTTP requests to HTTPS.
--- a/examples/example.com.conf
+++ b/examples/example.com.conf
@ -12,6 +12,8 @@ server {

 	index index.html index.htm;

+	include snippets/cert/mydomain.com.conf;
+	include kit/ssl/hsts.conf;
 	include kit/redirect/to-primary-domain.conf;
 	include kit/ssl/force.conf;
 }
--- a/ssl/hsts.conf
+++ b/ssl/hsts.conf
@ -4,4 +4,4 @@ if ($scheme = "https") {
 	set $hsts_header_value "max-age=31536000; includeSubDomains; preload";
 }

-add_header	Strict-Transport-Security $hsts_header_value;
+add_header	Strict-Transport-Security $hsts_header_value always;