From 0254e42b9cf4499498fc9d56f355f9951402a170 Mon Sep 17 00:00:00 2001
From: Jonathan Cremin
Date: Wed, 31 Aug 2016 18:14:26 +0200
Subject: [PATCH] Add security-related http headers
---
 nginx.conf.sigil | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/nginx.conf.sigil b/nginx.conf.sigil
index 20e0ae1..b5e4378 100644
--- a/nginx.conf.sigil
+++ b/nginx.conf.sigil
@@ -10,7 +10,7 @@ server {
 server_name {{ .NOSSL_SERVER_NAME }};
 access_log /var/log/nginx/{{ .APP }}-access.log;
 error_log /var/log/nginx/{{ .APP }}-error.log;
- return 301 https://$host:{{ .NGINX_SSL_PORT }}$request_uri;
+ return 301 https://$host$request_uri;
 }
 server {
@@ -27,6 +27,7 @@ server {
 keepalive_timeout 70;
 add_header Alternate-Protocol {{ .NGINX_SSL_PORT }}:npn-spdy/2;
+ add_header Strict-Transport-Security "max-age=31536000" always;
 location /apps/ {
 alias {{ .DOKKU_ROOT }}/{{ .APP }}/apps/;
@@ -68,6 +69,7 @@ server {
 keepalive_timeout 70;
 add_header Alternate-Protocol {{ .NGINX_SSL_PORT }}:npn-spdy/2;
+ add_header Strict-Transport-Security "max-age=31536000" always;
 location / {
 gzip on;
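Review bot: The new `return 301` line in the @@ -10 hunk no longer carries `{{ .NGINX_SSL_PORT }}`, so plain-HTTP clients are always redirected to port 443. The TLS server blocks in the later hunks still reference `{{ .NGINX_SSL_PORT }}` in their Alternate-Protocol header and presumably listen on it, though the `listen` directives are outside the diff. If that port is ever not 443, the redirect points at a port where nothing serves TLS, and the commit message does not mention this behaviour change. Consider emitting the port only when it differs from the default, e.g. `return 301 https://$host{{ if ne .NGINX_SSL_PORT "443" }}:{{ .NGINX_SSL_PORT }}{{ end }}$request_uri;` (assuming the variable renders as a string), or add a comment stating that the template requires 443.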
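Review bot: The new `add_header Strict-Transport-Security "max-age=31536000" always;` in the @@ -27 hunk sits at server level, and nginx inherits server-level `add_header` into a `location` only when that location defines no `add_header` of its own. The `location /apps/` body here and the `location /` body in the @@ -68 hunk (same line added there) both continue outside the diff, so check that neither sets its own headers; otherwise their responses go out without HSTS. The `always` parameter needs nginx 1.7.5 or later and older builds reject the config at load, so the template's minimum nginx version should be stated. A one-year `max-age` is cached by browsers and cannot be withdrawn quickly if an app loses its certificate; a comment such as `# HSTS: browsers refuse plain HTTP for this host for one year; lower max-age while testing` above both lines would make that explicit.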