diff options
| -rw-r--r-- | ssl-config-generator/index.html | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/ssl-config-generator/index.html b/ssl-config-generator/index.html index 82547f5..d6bb548 100644 --- a/ssl-config-generator/index.html +++ b/ssl-config-generator/index.html @@ -46,6 +46,16 @@ <h2>{{server}} {{serverVersion}} | {{securityProfile}} profile | OpenSSL {{opensslVersion}} | <a href="?{{queryString}}">link</a></h2> <p>Oldest compatible clients : {{clientList}}</p> <pre> +{{#if hstsEnabled}} +server { + listen 80 default_server; + listen [::]:80 default_server; + + # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response. + return 301 https://$host$request_uri; +} + +{{/if}} server { {{listen}} @@ -334,10 +344,15 @@ $SERVER["socket"] == ":443" { data.hsts = '\n # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)' + '\n' + ' add_header Strict-Transport-Security max-age=15768000;'; } - if (isSemVer(data.serverVersion, ">=0.7.14")) { - data.listen = ' listen 443 ssl;'; + if (isSemVer(data.serverVersion, ">=1.9.5")) { + data.listen = ' listen 443 ssl http2;\n' + + ' listen [::]:443 ssl http2;'; + } else if (isSemVer(data.serverVersion, ">=0.7.14")) { + data.listen = ' listen 443 ssl;\n' + + ' listen [::]:443 ssl;'; } else { data.listen = ' listen 443;' + '\n' + + ' listen [::]:443;\n' + ' ssl on;'; } if (isOpenSSLSemVer(data.opensslVersion, ">=0.9.8f") && isSemVer(data.serverVersion, '>=1.5.9')) { |