example configs: kill STS/CT headers

This commit is contained in:
William Pitcock 2018-11-11 06:56:46 +00:00
parent df72978dce
commit e4bd5a6950
4 changed files with 0 additions and 16 deletions

View file

@ -21,11 +21,6 @@ example.tld {
ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256
} }
header / {
Strict-Transport-Security "max-age=31536000; includeSubDomains;"
Expect-CT "enforce, max-age=2592000"
}
# If you do not want to use the mediaproxy function, remove these lines. # If you do not want to use the mediaproxy function, remove these lines.
# To use this directive, you need the http.cache plugin for Caddy. # To use this directive, you need the http.cache plugin for Caddy.
cache { cache {

View file

@ -34,9 +34,6 @@ CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCompression off SSLCompression off
SSLSessionTickets off SSLSessionTickets off
# Uncomment this only after you get HTTPS working.
# Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
RewriteEngine On RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC] RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Upgrade} websocket [NC]

View file

@ -60,9 +60,6 @@ server {
client_max_body_size 16m; client_max_body_size 16m;
location / { location / {
# Uncomment this only after you get HTTPS working.
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";

View file

@ -119,8 +119,3 @@ sub vcl_pipe {
set bereq.http.connection = req.http.connection; set bereq.http.connection = req.http.connection;
} }
} }
sub vcl_deliver {
# Uncomment this only after you get HTTPS working.
# set resp.http.Strict-Transport-Security= "max-age=31536000; includeSubDomains";
}