Enabled HTTP Strict Transport Security by default

Corbin Bartsch 2022-04-13 22:37:15 -04:00
parent 03c77607b4
commit c223517102
Signed by: coredotbin
GPG Key ID: 32D3B80A08D93212
2 changed files with 8 additions and 0 deletions


@ -14,6 +14,8 @@ nextcloud_www_path: '/var/www/nextcloud/'
nextcloud_ssl: true nextcloud_ssl: true
nextcloud_ssl_certificate_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem" nextcloud_ssl_certificate_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
nextcloud_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key" nextcloud_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
nextcloud_hsts: true
nextcloud_hsts_preload: false
# Apache configuration # Apache configuration
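Review bot: The new defaults `nextcloud_hsts` and `nextcloud_hsts_preload` have no comment, although enabling HSTS by default is a behaviour change operators should be able to read about where they override it. I would add above them `# Send Strict-Transport-Security on the TLS vhost; browsers then refuse plain HTTP for this host until max-age expires` and `# Append the preload token; set only when the domain is to be submitted to a browser preload list`. The certificate defaults just above still point at the snakeoil pair, and browsers ignore an HSTS header received over a connection with certificate errors. The comment should therefore also say that the setting only takes effect once a trusted certificate is configured.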


@ -31,6 +31,12 @@
<FilesMatch "\.php$"> <FilesMatch "\.php$">
SSLOptions +StdEnvVars SSLOptions +StdEnvVars
</FilesMatch> </FilesMatch>
{% if nextcloud_hsts %}
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains{% if nextcloud_hsts_preload %}; preload{% endif %}"
</IfModule>
{% endif %}
</VirtualHost> </VirtualHost>
</IfModule> </IfModule>
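Review bot: `includeSubDomains` is hard-coded in the `Header always set Strict-Transport-Security` line, so with `nextcloud_hsts: true` as the default every subdomain of the server name is pinned to HTTPS for 180 days, including hosts this role does not manage. It should be opt-in through its own variable, for example (proposed names) `max-age={{ nextcloud_hsts_max_age }}{% if nextcloud_hsts_include_subdomains %}; includeSubDomains{% endif %}`, with matching defaults. The fixed `max-age=15552000` is also below the one-year minimum the browser preload list requires, so `nextcloud_hsts_preload: true` emits a `preload` token that cannot qualify. Because the block sits inside `<IfModule mod_headers.c>`, the header is silently omitted when mod_headers is not loaded; whether the role enables that module is not visible in this section.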