From bee69cfbad00c8bcb9c335359bdc50654f821823 Mon Sep 17 00:00:00 2001 From: saibotk Date: Mon, 29 Jul 2019 03:05:59 +0200 Subject: [PATCH] add hsts header and https redirect for reverse proxy setups --- services/http/nginx.conf | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/services/http/nginx.conf b/services/http/nginx.conf index 34dcde6..41f3578 100644 --- a/services/http/nginx.conf +++ b/services/http/nginx.conf @@ -36,6 +36,11 @@ http { access_log off; error_log /var/log/nginx/pterodactyl.app-error.log error; + + # Redirect to https + if ($http_x_forwarded_proto != false && $http_x_forwarded_proto != "https") { + return 301 https://$host$request_uri; + } location / { try_files $uri $uri/ /index.php?$query_string; @@ -48,7 +53,10 @@ http { location = /robots.txt { access_log off; log_not_found off; } sendfile off; - + + if ($http_x_forwarded_proto == "https") { + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;"; + } add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none;
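Review bot: The redirect condition added in the first hunk, `if ($http_x_forwarded_proto != false && $http_x_forwarded_proto != "https")`, is not valid nginx: `if` accepts a single test, there is no `&&` operator, and `false` is only a literal string, so the configuration should be rejected at load instead of redirecting. A single comparison covers proxied plain-HTTP requests and leaves requests without the header alone: `if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }`. Because X-Forwarded-Proto is a request header any client can set, the block also deserves a comment such as `# Only meaningful when nginx is reachable solely through a proxy that sets or overwrites X-Forwarded-Proto`. The enclosing block starts and ends outside the hunk.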
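Review bot: The HSTS block in the second hunk, `if ($http_x_forwarded_proto == "https")`, uses `==`, which nginx's `if` does not have (equality is `=`), and `add_header` is only accepted in an `if` that is inside a `location`. This one appears to sit at server level beside the other `add_header` lines, so it should fail at load. Even in a location-level `if`, headers declared there would replace the inherited `X-Content-Type-Options`, `X-XSS-Protection` and `X-Robots-Tag` rather than add to them. A `map` in the `http` block feeding an unconditional `add_header` avoids both problems, since nginx emits no header when the value is empty. Separately, `includeSubDomains` with a one-year `max-age` in a shipped default commits every subdomain of the panel's host to HTTPS, which warrants a comment for operators.

```nginx
# http context, outside this hunk: an empty value means no header is emitted
map $http_x_forwarded_proto $hsts_header {
    default "";
    https   "max-age=31536000; includeSubDomains";
}

# … unchanged: sendfile off; …
add_header Strict-Transport-Security $hsts_header;
# … unchanged: X-Content-Type-Options, X-XSS-Protection, X-Robots-Tag headers …
```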