Enable HTTP2 and HSTS

2017-04-07 18:20:22 +02:00 · 2017-04-07 18:20:22 +02:00 · 6bea5b7567
commit 6bea5b7567
parent 4e5d452aff
5 changed files with 7 additions and 5 deletions
--- a/site-cookbooks/5apps-xmpp_server/templates/default/nginx_conf_xmpp.5apps.com.erb
+++ b/site-cookbooks/5apps-xmpp_server/templates/default/nginx_conf_xmpp.5apps.com.erb
@ -1,7 +1,7 @@
 server {
  listen 80; # For Let's Encrypt
  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
-  listen 443 ssl spdy;
+  listen 443 ssl http2;
  <% end -%>

  server_name <%= @server_name %>;
--- a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
+++ b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
@ -16,7 +16,7 @@ server {

 server {
  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
-  listen <%= @ipfs_external_api_port %> ssl spdy;
+  listen <%= @ipfs_external_api_port %> ssl http2;
  <% else -%>
  listen 80;
  <% end -%>
--- a/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
+++ b/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
@ -1,6 +1,6 @@
 server {
        listen 80;
-        listen 443 ssl;
+        listen 443 ssl http2;
        server_name <%= @server_name %>;

        access_log   /var/log/nginx/<%= @server_name %>.access.log;
@ -30,6 +30,7 @@ server {
                fastcgi_param HTTP_PROXY "";
        }

+        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
        ssl_certificate <%= @ssl_cert %>;
        ssl_certificate_key <%= @ssl_key %>;
 }
--- a/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb
+++ b/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb
@ -1,7 +1,7 @@
 server {
        listen 80;
        <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
-        listen <%= @server_port %> ssl spdy;
+        listen <%= @server_port %> ssl http2;
        <% end -%>
        server_name <%= @server_name %> <%= @server_aliases.join(" ") %>;

@ -35,6 +35,7 @@ server {
        }

        <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
        ssl_certificate <%= @ssl_cert %>;
        ssl_certificate_key <%= @ssl_key %>;
        <% end -%>
--- a/site-cookbooks/sockethub/templates/default/nginx_conf_sockethub.erb
+++ b/site-cookbooks/sockethub/templates/default/nginx_conf_sockethub.erb
@ -11,7 +11,7 @@ map $http_upgrade $connection_upgrade {
 server {
  listen 80; # For Let's Encrypt
  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
-  listen <%= @sockethub_external_port %> ssl spdy;
+  listen <%= @sockethub_external_port %> ssl http2;
  add_header Strict-Transport-Security "max-age=15768000";
  <% end -%>