Merge branch 'v3'

flownative · Mar 3, 2022 · 2cdfec6 · 2cdfec6
2 parents a440584 + 9054290
commit 2cdfec6
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -61,6 +61,7 @@ for possible values. The default value is `warn`.
 | NGINX_STATIC_ROOT                        | string  | /var/www/html                         | Document root path for when BEACH_NGINX_MODE is "Static"                                            |
 | NGINX_STRICT_TRANSPORT_SECURITY_ENABLE   | boolean | no                                    | If Strict-Transport-Security headers should be sent (HSTS)                                          |
 | NGINX_STRICT_TRANSPORT_SECURITY_PRELOAD  | boolean | no                                    | If site should be added to list of HTTPS-only sites by Google and others                            |
+| NGINX_STRICT_TRANSPORT_SECURITY_MAX_AGE  | boolean | 31536000                              | Maxmimum age for Strict-Transport-Security header, if enabled                                       |
 | NGINX_AUTH_BASIC_REALM                   | string  | off                                   | Realm for HTTP Basic Authentication; if "off", authentication is disabled                           |
 | NGINX_AUTH_BASIC_USERNAME                | string  |                                       | Username for HTTP Basic Authentication                                                              |
 | NGINX_AUTH_BASIC_ENCODED_HASHED_PASSWORD | string  |                                       | Base64-encoded hashed password (using httpasswd) for HTTP Basic Authentication                      |

diff --git a/root-files/opt/flownative/lib/nginx-legacy.sh b/root-files/opt/flownative/lib/nginx-legacy.sh
@@ -60,6 +60,7 @@ export NGINX_CUSTOM_ERROR_PAGE_TARGET=${NGINX_CUSTOM_ERROR_PAGE_TARGET:-${BEACH_
 
 export NGINX_STRICT_TRANSPORT_SECURITY_ENABLE=${NGINX_STRICT_TRANSPORT_SECURITY_ENABLE:-no}
 export NGINX_STRICT_TRANSPORT_SECURITY_PRELOAD=${NGINX_STRICT_TRANSPORT_SECURITY_PRELOAD:-no}
+export NGINX_STRICT_TRANSPORT_SECURITY_MAX_AGE=${NGINX_STRICT_TRANSPORT_SECURITY_MAX_AGE:-31536000}
 
 export NGINX_AUTH_BASIC_REALM=${NGINX_AUTH_BASIC_REALM:-off}
 export NGINX_AUTH_BASIC_USERNAME=${NGINX_AUTH_BASIC_USERNAME:-}
@@ -128,12 +129,12 @@ EOM
         if is_boolean_yes "${NGINX_STRICT_TRANSPORT_SECURITY_PRELOAD}"; then
             info "Nginx: Enabling Strict Transport Security with preloading ..."
     cat >>"${NGINX_CONF_PATH}/sites-enabled/site.conf" <<-EOM
-            add_header Strict-Transport-Security "max-age=31536000; preload" always;
+            add_header Strict-Transport-Security "max-age=${NGINX_STRICT_TRANSPORT_SECURITY_MAX_AGE}; preload" always;
 EOM
         else
             info "Nginx: Enabling Strict Transport Security without preloading ..."
     cat >>"${NGINX_CONF_PATH}/sites-enabled/site.conf" <<-EOM
-            add_header Strict-Transport-Security "max-age=31536000" always;
+            add_header Strict-Transport-Security "max-age=${NGINX_STRICT_TRANSPORT_SECURITY_MAX_AGE}" always;
 EOM
         fi
     fi