From 31cadb9402a062b8eedad8dd51f1790c8a1eaa26 Mon Sep 17 00:00:00 2001
From: saibotk
Date: Mon, 29 Jul 2019 03:38:44 +0200
Subject: [PATCH] nginx being serious
---
 services/http/nginx.conf | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/services/http/nginx.conf b/services/http/nginx.conf
index eb52bda..f48cb56 100644
--- a/services/http/nginx.conf
+++ b/services/http/nginx.conf
@@ -26,6 +26,12 @@ http {
 keepalive_timeout 65;
 #gzip on;
+
+ # Set HSTS if forwarded proto is https
+ map $http_x_forwarded_proto $hsts_header {
+ default "";
+ https "max-age=31536000; includeSubDomains;";
+ }
 server {
 listen 80 default_server;
@@ -60,9 +66,7 @@ http {
 sendfile off;
- if ($http_x_forwarded_proto = "https") {
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
- }
+ add_header Strict-Transport-Security $hsts_header;
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
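Review bot: The new `map $http_x_forwarded_proto $hsts_header` keys the HSTS decision on a request header that is only trustworthy when a TLS-terminating proxy in front of this server overwrites it, and the comment above the map does not say so. The `listen 80 default_server;` line suggests plain HTTP may also reach this server directly, though that cannot be confirmed from the hunk. Browsers ignore HSTS received over plain HTTP, so the exposure is limited, but the assumption should be written down, for example `# Assumes the fronting proxy always overwrites X-Forwarded-Proto; the value is client-controlled otherwise`. A forwarded value that is a list (several proxies appending) would also miss the exact `https` key and silently drop the header.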
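Review bot: The added `add_header Strict-Transport-Security $hsts_header;` has no `always` parameter, so nginx attaches it only to a fixed set of 2xx/3xx responses and error responses (4xx/5xx) served over the HTTPS front end go out without HSTS. Change it to `add_header Strict-Transport-Security $hsts_header always;`; the empty default from the map still suppresses the header for non-https requests. Note also that `add_header` is inherited from this level only by blocks that define no `add_header` of their own, so any nested `location` with its own header directives would lose HSTS. The enclosing server block continues outside the hunk, so whether that applies here is not visible.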