From 5d83656f2f5ece16181c828d5c05a8fa067ac974 Mon Sep 17 00:00:00 2001
From: dallaslu <dallaslu@noreply.forge.st>
Date: Fri, 5 Jun 2026 12:40:41 +0800
Subject: [PATCH] update

---
 README.md                 | 10 +++++++++-
 examples/example.com.conf |  2 ++
 ssl/hsts.conf             |  2 +-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index e062b8a..8988ade 100644
--- a/README.md
+++ b/README.md
@@ -14,6 +14,8 @@ In server block:
 ```nginx
 server {
 	# ...
+	include snippets/cert/mydomain.com.conf;
+	include	kit/ssl/hsts.conf;
 	include	kit/ssl/force.conf;
 	# ...
 }
@@ -38,4 +40,10 @@ server {
 	include snippets/cert/mydomain.com.conf;
 	# ...
 }
-```
\ No newline at end of file
+```
+
+### SSL snippets
+
+- `kit/ssl/security.conf`: TLS protocol and session resumption settings.
+- `kit/ssl/hsts.conf`: HSTS header for HTTPS responses.
+- `kit/ssl/force.conf`: Redirect HTTP requests to HTTPS.
diff --git a/examples/example.com.conf b/examples/example.com.conf
index 9efe476..96f1743 100644
--- a/examples/example.com.conf
+++ b/examples/example.com.conf
@@ -12,6 +12,8 @@ server {
 
 	index index.html index.htm;
 
+	include snippets/cert/mydomain.com.conf;
+	include kit/ssl/hsts.conf;
 	include kit/redirect/to-primary-domain.conf;
 	include kit/ssl/force.conf;
 }
diff --git a/ssl/hsts.conf b/ssl/hsts.conf
index f6ea9a5..0d29162 100644
--- a/ssl/hsts.conf
+++ b/ssl/hsts.conf
@@ -4,4 +4,4 @@ if ($scheme = "https") {
 	set $hsts_header_value "max-age=31536000; includeSubDomains; preload";
 }
 
-add_header	Strict-Transport-Security $hsts_header_value;
\ No newline at end of file
+add_header	Strict-Transport-Security $hsts_header_value always;