|
@@ -158,6 +158,9 @@ upstream {{ $upstream_name }} {
|
|
{{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
|
|
{{/* Get the HTTPS_METHOD defined by containers w/ the same vhost, falling back to "redirect" */}}
|
|
{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) "redirect" }}
|
|
{{ $https_method := or (first (groupByKeys $containers "Env.HTTPS_METHOD")) "redirect" }}
|
|
|
|
|
|
|
|
+{{/* Get the HSTS defined by containers w/ the same vhost, falling back to "max-age=31536000" */}}
|
|
|
|
+{{ $hsts := or (first (groupByKeys $containers "Env.HSTS")) "max-age=31536000" }}
|
|
|
|
+
|
|
{{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
|
|
{{/* Get the VIRTUAL_ROOT By containers w/ use fastcgi root */}}
|
|
{{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
|
|
{{ $vhost_root := or (first (groupByKeys $containers "Env.VIRTUAL_ROOT")) "/var/www/public" }}
|
|
|
|
|
|
@@ -225,8 +228,8 @@ server {
|
|
ssl_trusted_certificate {{ printf "/etc/nginx/certs/%s.chain.crt" $cert }};
|
|
ssl_trusted_certificate {{ printf "/etc/nginx/certs/%s.chain.crt" $cert }};
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
|
|
- {{ if (ne $https_method "noredirect") }}
|
|
|
|
- add_header Strict-Transport-Security "max-age=31536000";
|
|
|
|
|
|
+ {{ if (and (ne $https_method "noredirect") (ne $hsts "off")) }}
|
|
|
|
+ add_header Strict-Transport-Security "{{ trim $hsts }}";
|
|
{{ end }}
|
|
{{ end }}
|
|
|
|
|
|
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
|
|
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
|