1 files changed, 18 insertions, 18 deletions
diff --git a/usecases/server/nginx.nix b/usecases/server/nginx.nix
index c4c37fd..0e79a35 100644
--- a/usecases/server/nginx.nix
+++ b/usecases/server/nginx.nix
@@ -14,24 +14,24 @@ inputs:
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
-    commonHttpConfig = ''
+    # commonHttpConfig = ''
-      # Add HSTS header with preloading to HTTPS requests.
+    #   # Add HSTS header with preloading to HTTPS requests.
-      # Adding this header to HTTP requests is discouraged
+    #   # Adding this header to HTTP requests is discouraged
-      map $scheme $hsts_header {
+    #   map $scheme $hsts_header {
-          https   "max-age=31536000; includeSubdomains; preload";
+    #       https   "max-age=31536000; includeSubdomains; preload";
-      }
+    #   }
+    #
-      add_header Strict-Transport-Security $hsts_header;
+    #   add_header Strict-Transport-Security $hsts_header;
+    #
-      add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
+    #   add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
+    #
-      add_header X-Frame-Options DENY;
+    #   add_header X-Frame-Options DENY;
+    #
-      add_header X-Content-Type-Options nosniff;
+    #   add_header X-Content-Type-Options nosniff;
+    #
-      # Better to setup CSP, but nice default nonetheless
+    #   # Better to setup CSP, but nice default nonetheless
-      add_header X-XSS-Protection "1; mode=block";
+    #   add_header X-XSS-Protection "1; mode=block";
-    '';
+    # '';
    sslDhparam = config.security.dhparams.params.nginx.path;
  };

diff --git a/usecases/server/nginx.nix b/usecases/server/nginx.nix index c4c37fd..0e79a35 100644 --- a/usecases/server/nginx.nix +++ b/usecases/server/nginx.nix
@@ -14,24 +14,24 @@ inputs:
14	recommendedProxySettings = true;	14	recommendedProxySettings = true;
15	recommendedTlsSettings = true;	15	recommendedTlsSettings = true;
16		16
17	commonHttpConfig = ''	17	# commonHttpConfig = ''
18	# Add HSTS header with preloading to HTTPS requests.	18	# # Add HSTS header with preloading to HTTPS requests.
19	# Adding this header to HTTP requests is discouraged	19	# # Adding this header to HTTP requests is discouraged
20	map $scheme $hsts_header {	20	# map $scheme $hsts_header {
21	https "max-age=31536000; includeSubdomains; preload";	21	# https "max-age=31536000; includeSubdomains; preload";
22	}	22	# }
23		23	#
24	add_header Strict-Transport-Security $hsts_header;	24	# add_header Strict-Transport-Security $hsts_header;
25		25	#
26	add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';	26	# add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
27		27	#
28	add_header X-Frame-Options DENY;	28	# add_header X-Frame-Options DENY;
29		29	#
30	add_header X-Content-Type-Options nosniff;	30	# add_header X-Content-Type-Options nosniff;
31		31	#
32	# Better to setup CSP, but nice default nonetheless	32	# # Better to setup CSP, but nice default nonetheless
33	add_header X-XSS-Protection "1; mode=block";	33	# add_header X-XSS-Protection "1; mode=block";
34	'';	34	# '';
35		35
36	sslDhparam = config.security.dhparams.params.nginx.path;	36	sslDhparam = config.security.dhparams.params.nginx.path;
37	};	37	};