From ef430522256013665205cdda05636846cc622251 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 12 Jul 2016 03:10:33 +0200 Subject: nginx: Don't hard-code the HPKP headers. Instead, lookup the pubkeys and compute the digests on the fly. But never modify the actual header snippet to avoid locking our users out. --- roles/git/templates/etc/nginx/snippets/git.fripost.org.hpkp-hdr.j2 | 1 + 1 file changed, 1 insertion(+) create mode 120000 roles/git/templates/etc/nginx/snippets/git.fripost.org.hpkp-hdr.j2 (limited to 'roles/git/templates/etc/nginx') diff --git a/roles/git/templates/etc/nginx/snippets/git.fripost.org.hpkp-hdr.j2 b/roles/git/templates/etc/nginx/snippets/git.fripost.org.hpkp-hdr.j2 new file mode 120000 index 0000000..a8ba598 --- /dev/null +++ b/roles/git/templates/etc/nginx/snippets/git.fripost.org.hpkp-hdr.j2 @@ -0,0 +1 @@ +../../../../../../certs/hpkp-hdr.j2 \ No newline at end of file -- cgit v1.2.3