example configs: kill STS/CT headers
This commit is contained in:
parent
df72978dce
commit
e4bd5a6950
|
@ -21,11 +21,6 @@ example.tld {
|
||||||
ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256
|
ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256
|
||||||
}
|
}
|
||||||
|
|
||||||
header / {
|
|
||||||
Strict-Transport-Security "max-age=31536000; includeSubDomains;"
|
|
||||||
Expect-CT "enforce, max-age=2592000"
|
|
||||||
}
|
|
||||||
|
|
||||||
# If you do not want to use the mediaproxy function, remove these lines.
|
# If you do not want to use the mediaproxy function, remove these lines.
|
||||||
# To use this directive, you need the http.cache plugin for Caddy.
|
# To use this directive, you need the http.cache plugin for Caddy.
|
||||||
cache {
|
cache {
|
||||||
|
|
|
@ -34,9 +34,6 @@ CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||||
SSLCompression off
|
SSLCompression off
|
||||||
SSLSessionTickets off
|
SSLSessionTickets off
|
||||||
|
|
||||||
# Uncomment this only after you get HTTPS working.
|
|
||||||
# Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
||||||
|
|
||||||
RewriteEngine On
|
RewriteEngine On
|
||||||
RewriteCond %{HTTP:Connection} Upgrade [NC]
|
RewriteCond %{HTTP:Connection} Upgrade [NC]
|
||||||
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
RewriteCond %{HTTP:Upgrade} websocket [NC]
|
||||||
|
|
|
@ -60,9 +60,6 @@ server {
|
||||||
client_max_body_size 16m;
|
client_max_body_size 16m;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
# Uncomment this only after you get HTTPS working.
|
|
||||||
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
||||||
|
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
|
@ -119,8 +119,3 @@ sub vcl_pipe {
|
||||||
set bereq.http.connection = req.http.connection;
|
set bereq.http.connection = req.http.connection;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub vcl_deliver {
|
|
||||||
# Uncomment this only after you get HTTPS working.
|
|
||||||
# set resp.http.Strict-Transport-Security= "max-age=31536000; includeSubDomains";
|
|
||||||
}
|
|
||||||
|
|
Loading…
Reference in a new issue