Fix missing HSTS header for some URLs due to nginx "directive inheritance"[1]
F5/nginx has blogged about this[1] and it is also mentioned in nginx's
documentation[2]:
"There could be several add_header directives. These directives are
inherited from the previous configuration level if and only if there are
no add_header directives defined on the current level. "
The problem occurs when add_header is used in a child context like a
server{} or location{} block. It is solved by moving the HSTS header
into a snippet, which is now included before all add_header lines.
For now the HSTS header is the only global header, but in the future we
may need to add more global headers, like the Alt-Svc header[3] for
HTTP/3.
[1] https://www.f5.com/company/blog/nginx/avoiding-top-10-nginx-configuration-mistakes#directive-inheritance
[2] https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
[3] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Alt-Svc
Fix #608
parent
a816ca06
No related branches found
No related tags found
Showing
- roles/archmanweb/templates/nginx.d.conf.j2 1 addition, 0 deletionsroles/archmanweb/templates/nginx.d.conf.j2
- roles/archweb/templates/ipxe.archlinux.org.j2 1 addition, 0 deletionsroles/archweb/templates/ipxe.archlinux.org.j2
- roles/archweb/templates/maintenance-nginx.d.conf.j2 2 additions, 0 deletionsroles/archweb/templates/maintenance-nginx.d.conf.j2
- roles/archweb/templates/nginx.d.conf.j2 7 additions, 3 deletionsroles/archweb/templates/nginx.d.conf.j2
- roles/archwiki/templates/nginx.d.conf.j2 4 additions, 0 deletionsroles/archwiki/templates/nginx.d.conf.j2
- roles/aurweb/templates/nginx.d.conf.j2 2 additions, 0 deletionsroles/aurweb/templates/nginx.d.conf.j2
- roles/fluxbb/templates/nginx.conf.j2 2 additions, 0 deletionsroles/fluxbb/templates/nginx.conf.j2
- roles/matrix/templates/nginx.d.conf.j2 1 addition, 0 deletionsroles/matrix/templates/nginx.d.conf.j2
- roles/mirrorsync/templates/nginx.d.conf.j2 1 addition, 0 deletionsroles/mirrorsync/templates/nginx.d.conf.j2
- roles/nginx/tasks/main.yml 1 addition, 0 deletionsroles/nginx/tasks/main.yml
- roles/nginx/templates/headers.conf 1 addition, 0 deletionsroles/nginx/templates/headers.conf
- roles/nginx/templates/nginx.conf.j2 1 addition, 0 deletionsroles/nginx/templates/nginx.conf.j2
- roles/nginx/templates/sslsettings.conf 1 addition, 2 deletionsroles/nginx/templates/sslsettings.conf
- roles/ping/templates/nginx.d.conf.j2 1 addition, 0 deletionsroles/ping/templates/nginx.d.conf.j2
- roles/rebuilderd/templates/nginx.d.conf.j2 2 additions, 3 deletionsroles/rebuilderd/templates/nginx.d.conf.j2
- roles/syncrepo/templates/nginx.d.conf.j2 1 addition, 0 deletionsroles/syncrepo/templates/nginx.d.conf.j2
Loading
Please register or sign in to comment