ops/nginx-kit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update

Browse source
This commit is contained in:
Dallas Lu 2026-06-05 12:40:41 +08:00
parent c526d8ae0d
commit 5d83656f2f
No known key found for this signature in database
3 changed files with 12 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -14,6 +14,8 @@ In server block:
```nginx ```nginx
server { server {
# ... # ...
include snippets/cert/mydomain.com.conf;
include kit/ssl/hsts.conf;
include kit/ssl/force.conf; include kit/ssl/force.conf;
# ... # ...
} }
@ -38,4 +40,10 @@ server {
include snippets/cert/mydomain.com.conf; include snippets/cert/mydomain.com.conf;
# ... # ...
} }
``` ```
### SSL snippets
- `kit/ssl/security.conf`: TLS protocol and session resumption settings.
- `kit/ssl/hsts.conf`: HSTS header for HTTPS responses.
- `kit/ssl/force.conf`: Redirect HTTP requests to HTTPS.

2
examples/example.com.conf
View file

@ -12,6 +12,8 @@ server {
index index.html index.htm; index index.html index.htm;
include snippets/cert/mydomain.com.conf;
include kit/ssl/hsts.conf;
include kit/redirect/to-primary-domain.conf; include kit/redirect/to-primary-domain.conf;
include kit/ssl/force.conf; include kit/ssl/force.conf;
} }

2
ssl/hsts.conf
View file

@ -4,4 +4,4 @@ if ($scheme = "https") {
set $hsts_header_value "max-age=31536000; includeSubDomains; preload"; set $hsts_header_value "max-age=31536000; includeSubDomains; preload";
} }
add_header Strict-Transport-Security $hsts_header_value; add_header Strict-Transport-Security $hsts_header_value always;