Interanet/jitsi-meet-deployment
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

web: Add ENABLE_HSTS flag to disable strict-transport-security header

Browse Source
This commit is contained in:
Cosmo Myzrail Gorynych aka CoMiGo
2020-12-17 20:32:54 +12:00
committed by GitHub
parent f8560371f5
commit 0b2514101c
3 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docker-compose.yml
View File

@@ -14,6 +14,7 @@ services:
environment: environment:
- ENABLE_LETSENCRYPT - ENABLE_LETSENCRYPT
- ENABLE_HTTP_REDIRECT - ENABLE_HTTP_REDIRECT
- ENABLE_HSTS
- ENABLE_XMPP_WEBSOCKET - ENABLE_XMPP_WEBSOCKET
- DISABLE_HTTPS - DISABLE_HTTPS
- LETSENCRYPT_DOMAIN - LETSENCRYPT_DOMAIN

5
env.example
View File

@@ -364,6 +364,11 @@ JIBRI_LOGS_DIR=/config/logs
# Necessary for Let's Encrypt, relies on standard HTTPS port (443) # Necessary for Let's Encrypt, relies on standard HTTPS port (443)
#ENABLE_HTTP_REDIRECT=1 #ENABLE_HTTP_REDIRECT=1
# Send a `strict-transport-security` header to force browsers to use
# a secure and trusted connection. Recommended for production use.
# Defaults to 1 (send the header).
# ENABLE_HSTS=1
# Enable IPv6 # Enable IPv6
# Provides means to disable IPv6 in environments that don't support it (get with the times, people!) # Provides means to disable IPv6 in environments that don't support it (get with the times, people!)
#ENABLE_IPV6=1 #ENABLE_IPV6=1

2
web/rootfs/defaults/ssl.conf
View File

@@ -23,4 +23,6 @@ ssl_prefer_server_ciphers off;
ssl_dhparam /defaults/ffdhe2048.txt; ssl_dhparam /defaults/ffdhe2048.txt;
# HSTS (ngx_http_headers_module is required) (63072000 seconds) # HSTS (ngx_http_headers_module is required) (63072000 seconds)
{{ if .Env.ENABLE_HSTS | default "1" | toBool }}
add_header Strict-Transport-Security "max-age=63072000" always; add_header Strict-Transport-Security "max-age=63072000" always;
{{ end }}