From 8d9e58eb7cce85251c570bd93e8bb1f8efae3529 Mon Sep 17 00:00:00 2001
From: Marc Beninca <marc-beninca@rwx.work>
Date: Tue, 6 Aug 2019 20:18:09 +0200
Subject: [PATCH] nginx/redirect,secure

---
 in/personal/server/index.rst | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/in/personal/server/index.rst b/in/personal/server/index.rst
index 26fe72c..fa0eab1 100644
--- a/in/personal/server/index.rst
+++ b/in/personal/server/index.rst
@@ -309,25 +309,47 @@ Prepare a grub.cfg
 Web
 ---
 
+Security
+^^^^^^^^
+
+* /etc/nginx/https.conf
+
+::
+
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+add_header Strict-Transport-Security "max-age=31557600; includeSubDomains; preload";
+
 Sites
 ^^^^^
 
+* /etc/nginx/sites-enabled/http
+
+::
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 301 https://${host}${request_uri};
+ }
+
+* /etc/nginx/sites-enabled/rwx.work
+
 ::
 
  ssl_certificate /etc/nginx/rwx.work/bundle.crt;
  ssl_certificate_key /etc/nginx/rwx.work/key.pem;
 
  server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
+ include /etc/nginx/https.conf;
  server_name deb.rwx.work;
  root /d/mirrors/apt-mirror/debian;
  autoindex on;
  }
 
  server {
- listen 443 default_server ssl http2;
- listen [::]:443 default_server ssl http2;
+ include /etc/nginx/https.conf;
  server_name .rwx.work;
  location / {
  proxy_pass http://10.0.0.1/;