From 6bea5b7567505d6a8cbb72b1c8ae7a1048b73ebd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Fri, 7 Apr 2017 18:20:22 +0200
Subject: [PATCH] Enable HTTP2 and HSTS
---
 .../templates/default/nginx_conf_xmpp.5apps.com.erb | 2 +-
 .../templates/default/nginx_conf_ipfs.kosmos.org.erb | 2 +-
 .../kosmos-mediawiki/templates/default/nginx.conf.erb | 3 ++-
 .../kosmos-wordpress/templates/default/nginx.conf.erb | 3 ++-
 .../sockethub/templates/default/nginx_conf_sockethub.erb | 2 +-
 5 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/site-cookbooks/5apps-xmpp_server/templates/default/nginx_conf_xmpp.5apps.com.erb b/site-cookbooks/5apps-xmpp_server/templates/default/nginx_conf_xmpp.5apps.com.erb
index db0cfa5..3b41657 100644
--- a/site-cookbooks/5apps-xmpp_server/templates/default/nginx_conf_xmpp.5apps.com.erb
+++ b/site-cookbooks/5apps-xmpp_server/templates/default/nginx_conf_xmpp.5apps.com.erb
@@ -1,7 +1,7 @@
 server {
 listen 80; # For Let's Encrypt
 <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
- listen 443 ssl spdy;
+ listen 443 ssl http2;
 <% end -%>
 server_name <%= @server_name %>;
diff --git a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
index 94c75a1..6fdb500 100644
--- a/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
+++ b/site-cookbooks/kosmos-ipfs/templates/default/nginx_conf_ipfs.kosmos.org.erb
@@ -16,7 +16,7 @@ server {
 server {
 <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
- listen <%= @ipfs_external_api_port %> ssl spdy;
+ listen <%= @ipfs_external_api_port %> ssl http2;
 <% else -%>
 listen 80;
 <% end -%>
diff --git a/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb b/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
index 0154d5f..c5afe43 100644
--- a/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
+++ b/site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
@@ -1,6 +1,6 @@
 server {
 listen 80;
- listen 443 ssl;
+ listen 443 ssl http2;
 server_name <%= @server_name %>;
 access_log /var/log/nginx/<%= @server_name %>.access.log;
@@ -30,6 +30,7 @@ server {
 fastcgi_param HTTP_PROXY "";
 }
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 ssl_certificate <%= @ssl_cert %>;
 ssl_certificate_key <%= @ssl_key %>;
 }
diff --git a/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb b/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb
index 7c9c86e..3477c1b 100644
--- a/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb
+++ b/site-cookbooks/kosmos-wordpress/templates/default/nginx.conf.erb
@@ -1,7 +1,7 @@
 server {
 listen 80;
 <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
- listen <%= @server_port %> ssl spdy;
+ listen <%= @server_port %> ssl http2;
 <% end -%>
 server_name <%= @server_name %> <%= @server_aliases.join(" ") %>;
@@ -35,6 +35,7 @@ server {
 }
 <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+ add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 ssl_certificate <%= @ssl_cert %>;
 ssl_certificate_key <%= @ssl_key %>;
 <% end -%>
diff --git a/site-cookbooks/sockethub/templates/default/nginx_conf_sockethub.erb b/site-cookbooks/sockethub/templates/default/nginx_conf_sockethub.erb
index daf8b43..14f565b 100644
--- a/site-cookbooks/sockethub/templates/default/nginx_conf_sockethub.erb
+++ b/site-cookbooks/sockethub/templates/default/nginx_conf_sockethub.erb
@@ -11,7 +11,7 @@ map $http_upgrade $connection_upgrade {
 server {
 listen 80; # For Let's Encrypt
 <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
- listen <%= @sockethub_external_port %> ssl spdy;
+ listen <%= @sockethub_external_port %> ssl http2;
 add_header Strict-Transport-Security "max-age=15768000";
 <% end -%>
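Review bot: The `add_header Strict-Transport-Security ...` line added to the mediawiki server block has no `always` parameter, so nginx attaches it only to a fixed list of success and redirect status codes and error responses go out without HSTS; the identical line added in the wordpress template has the same gap. I would write `add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;`. nginx also inherits a server-level `add_header` only into locations that declare no `add_header` of their own, so any location in the part of the template outside this hunk that sets a header would silently drop HSTS. Because this block also has `listen 80;` and the line is not wrapped in a TLS condition, the header is emitted on plain-HTTP responses as well, where browsers ignore it.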
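Review bot: `includeSubDomains` in the header added to the wordpress template applies to every name this block serves, and `server_name` in the same file is `<%= @server_name %> <%= @server_aliases.join(" ") %>`, so if any of those names is an apex domain, all of its subdomains are pinned to HTTPS in visitors' browsers for the full `max-age=15768000` (about six months). Undoing that means serving `max-age=0` over valid HTTPS from the parent host and waiting for browsers to revisit, which does not help a subdomain that has no certificate in the meantime. I would add a template comment above the line such as `# HSTS with includeSubDomains: every subdomain of the names above must serve valid HTTPS`, and consider starting with a short max-age before raising it. Which names the recipe passes in is not visible in this patch.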
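Review bot: The HSTS policy ends up different in every template this commit touches: the `add_header` context line in this sockethub hunk sends `max-age=15768000` without `includeSubDomains`, the mediawiki and wordpress hunks add it with `includeSubDomains`, and the xmpp and ipfs hunks switch to `http2` with no HSTS line in view. If that is intended, a short comment next to each `listen ... ssl http2;` line, for example `# HSTS intentionally not set for this host`, would keep the next reader from assuming uniform coverage; otherwise the same header line belongs inside the xmpp and ipfs `if File.exist?` branches. The parts of those templates outside the hunks are not shown, so a header may already exist there.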