external/mailinabox
1
0
Fork 0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2026-04-01 21:27:22 +02:00
Code Issues Releases Wiki Activity

redirect all HTTP to HTTPS and enable HSTS, closes #18

Browse Source
This commit is contained in:
Joshua Tauberer
2014-05-14 12:15:11 +00:00
parent 091a58ac94
commit b646771517
2 changed files with 6 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
conf/nginx-ssl.conf
View File

@@ -7,7 +7,7 @@
#ssl_certificate_key /path/to/my-private-decrypted.key;
# optional: tell browsers to require SSL (warning: difficult to change your mind)
#add_header Strict-Transport-Security max-age=31536000;
add_header Strict-Transport-Security max-age=31536000;
# optional: prefer certain ciphersuites, to enforce Perfect Forward Secrecy and avoid known vulnerabilities.
# done in consultation with:
@@ -43,4 +43,4 @@ spdy_headers_comp 6;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
#ssl_trusted_certificate /path/to/all-certs-in-chain.crt;
#ssl_trusted_certificate /path/to/all-certs-in-chain.crt;