child 155:eafed0b93f8e
parent 153:15433f87db4b
154:646c6d06235f
Anton Shestakov <av6@dwimlabs.net>, Mon, 18 Sep 2017 00:50:22 +0800
provision: target newer Nginx versions (>1.7.5 for add_header with always)

1 файлов изменено, 5 вставок(+), 5 удалений(-) [+]
provision/roles/fruitbar/templates/etc/nginx/sites-available/fruitbar file | annotate | diff | comparison | revisions
--- a/provision/roles/fruitbar/templates/etc/nginx/sites-available/fruitbar Thu Sep 14 19:31:42 2017 +0800
+++ b/provision/roles/fruitbar/templates/etc/nginx/sites-available/fruitbar Mon Sep 18 00:50:22 2017 +0800
@@ -42,20 +42,20 @@
{% if hpkpinfo.results|length > 1 %}
# HPKP: 5184000 = 60 days
- add_header Public-Key-Pins '{% for r in hpkpinfo.results %}pin-sha256="{{ r.stdout }}"; {% endfor %}max-age=5184000';
+ add_header Public-Key-Pins '{% for r in hpkpinfo.results %}pin-sha256="{{ r.stdout }}"; {% endfor %}max-age=5184000' always;
{% endif %}
# HSTS: 31536000 = 365 days (set to 0 to expire and allow plain HTTP)
- add_header Strict-Transport-Security 'max-age=31536000';
+ add_header Strict-Transport-Security 'max-age=31536000' always;
add_header Cache-Control private;
{% endif %}
# Various security headers not related to HTTPS
# https://www.owasp.org/index.php/List_of_useful_HTTP_headers
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection '1; mode=block';
+ add_header X-Frame-Options DENY always;
+ add_header X-Content-Type-Options nosniff always;
+ add_header X-XSS-Protection '1; mode=block' always;
access_log /var/log/nginx/fruitbar.{{ umbrella }}.access.log;
error_log /var/log/nginx/fruitbar.{{ umbrella }}.error.log;
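Review bot: `add_header Cache-Control private;` in the HTTPS block is the only header in this hunk left without `always`, so 4xx/5xx responses will carry the other headers but not this one. If error pages can contain per-user content, make it `add_header Cache-Control private always;`; otherwise a short comment saying the omission is deliberate would help. Separately, nginx inherits `add_header` into a nested block only when that block declares no `add_header` of its own, so any `location` that sets a header would drop HSTS, HPKP and the X-* headers there; the rest of the server block lies outside this hunk, so this needs checking. Because nginx older than 1.7.5 does not accept the `always` parameter, a template comment such as `# 'always' requires nginx >= 1.7.5` at the first use would make a failed config test on an old host easy to diagnose.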