summaryrefslogtreecommitdiffstats
path: root/roles/git/files/etc/nginx
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-07-12 03:10:33 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-07-12 03:10:33 +0200
commitef430522256013665205cdda05636846cc622251 (patch)
tree0912b6175af9e97fa76aaf47613bd1926893dc67 /roles/git/files/etc/nginx
parent4e347178a85468cb2a6451a3a57c3379f832ca97 (diff)
nginx: Don't hard-code the HPKP headers.
Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out.
Diffstat (limited to 'roles/git/files/etc/nginx')
-rw-r--r--roles/git/files/etc/nginx/sites-available/git6
1 files changed, 3 insertions, 3 deletions
diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git
index ca71e0d..0ec65e2 100644
--- a/roles/git/files/etc/nginx/sites-available/git
+++ b/roles/git/files/etc/nginx/sites-available/git
@@ -27,9 +27,9 @@ server {
include snippets/headers.conf;
include snippets/ssl.conf;
- ssl_certificate /etc/nginx/ssl/git.fripost.org.pem;
- ssl_certificate_key /etc/nginx/ssl/git.fripost.org.key;
- add_header Public-Key-Pins 'pin-sha256="HOoiXgC7tolzZ31b65UzbAKhpCCA7I0iNdO7NEuL0lU="; pin-sha256="7F+6dSG3D3X3SSLXmb4GWWqUViztamLmmCBlYCi4a10="; max-age=15778800';
+ ssl_certificate ssl/git.fripost.org.pem;
+ ssl_certificate_key ssl/git.fripost.org.key;
+ include snippets/git.fripost.org.hpkp-hdr;
location ^~ /static/ {
alias /usr/share/cgit/;