From 000f3d3348b3c7884d0e6c75ebfe7094896f0fb9 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Sun, 3 Mar 2024 21:37:07 +0000
Subject: [PATCH] Add HSTS to all nginx requests

---
 ansible/roles/nginx/files/includes/ssl.conf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/ansible/roles/nginx/files/includes/ssl.conf b/ansible/roles/nginx/files/includes/ssl.conf
index 28fd6ac..b17af6c 100644
--- a/ansible/roles/nginx/files/includes/ssl.conf
+++ b/ansible/roles/nginx/files/includes/ssl.conf
@@ -8,8 +8,7 @@ ssl_dhparam dhparams.pem;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
 ssl_prefer_server_ciphers off;
-# HSTS (ngx_http_headers_module is required) (63072000 seconds)
-#add_header Strict-Transport-Security "max-age=63072000" always;
+more_set_headers "Strict-Transport-Security: max-age=2592000";
 
 # OCSP stapling
 ssl_stapling on;