From c5234558bf5fa432207afcc52dcde93ab9127697 Mon Sep 17 00:00:00 2001
From: Alexey Pustovalov
Date: Thu, 9 Jul 2020 01:47:53 +0300
Subject: [PATCH] Do not apply HSTS of the site's subdomains
---
 web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf | 2 +-
 web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf | 2 +-
 web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf | 2 +-
 web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf | 2 +-
 web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf | 2 +-
 web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf | 2 +-
 zabbix-appliance/rhel/conf/etc/zabbix/nginx_ssl.conf | 2 +-
 7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf
index 844ff0f07..e50ea368d 100644
--- a/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf
+++ b/web-nginx-mysql/alpine/conf/etc/zabbix/nginx_ssl.conf
@@ -28,7 +28,7 @@ server {
 ssl_session_timeout 10m;
 ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+ add_header Strict-Transport-Security "max-age=31536000; preload";
 add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
 location =/nginx_status {
diff --git a/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf
index 844ff0f07..e50ea368d 100644
--- a/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf
+++ b/web-nginx-mysql/centos/conf/etc/zabbix/nginx_ssl.conf
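Review bot: The `preload` token kept in the new `Strict-Transport-Security` value no longer serves a purpose, because browser preload lists only accept hosts that also send `includeSubDomains`; the header now advertises preload consent without being eligible for it. Since this is a default shipped in images that operators deploy under their own domains, I would drop the token and add `always` so the header is also sent on error responses: `add_header Strict-Transport-Security "max-age=31536000" always;`. The same line appears in the other six hunks (web-nginx-mysql centos and ubuntu, web-nginx-pgsql alpine, centos and ubuntu, zabbix-appliance rhel). With subdomains no longer covered, it is worth confirming that the frontend's session cookie is host-only and marked `Secure`, since sibling hosts can still be reached over plain HTTP. The `server` block starts and ends outside the hunk, so any `add_header` inside a nested `location`, which would stop this header from being inherited there, is not visible here.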
@@ -28,7 +28,7 @@ server {
 ssl_session_timeout 10m;
 ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+ add_header Strict-Transport-Security "max-age=31536000; preload";
 add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
 location =/nginx_status {
diff --git a/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf
index 844ff0f07..e50ea368d 100644
--- a/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf
+++ b/web-nginx-mysql/ubuntu/conf/etc/zabbix/nginx_ssl.conf
@@ -28,7 +28,7 @@ server {
 ssl_session_timeout 10m;
 ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+ add_header Strict-Transport-Security "max-age=31536000; preload";
 add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
 location =/nginx_status {
diff --git a/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf
index 844ff0f07..e50ea368d 100644
--- a/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf
+++ b/web-nginx-pgsql/alpine/conf/etc/zabbix/nginx_ssl.conf
@@ -28,7 +28,7 @@ server {
 ssl_session_timeout 10m;
 ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+ add_header Strict-Transport-Security "max-age=31536000; preload";
 add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
 location =/nginx_status {
diff --git a/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf
index 844ff0f07..e50ea368d 100644
--- a/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf
+++ b/web-nginx-pgsql/centos/conf/etc/zabbix/nginx_ssl.conf
@@ -28,7 +28,7 @@ server {
 ssl_session_timeout 10m;
 ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+ add_header Strict-Transport-Security "max-age=31536000; preload";
 add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
 location =/nginx_status {
diff --git a/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf b/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf
index 844ff0f07..e50ea368d 100644
--- a/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf
+++ b/web-nginx-pgsql/ubuntu/conf/etc/zabbix/nginx_ssl.conf
@@ -28,7 +28,7 @@ server {
 ssl_session_timeout 10m;
 ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+ add_header Strict-Transport-Security "max-age=31536000; preload";
 add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
 location =/nginx_status {
diff --git a/zabbix-appliance/rhel/conf/etc/zabbix/nginx_ssl.conf b/zabbix-appliance/rhel/conf/etc/zabbix/nginx_ssl.conf
index b38103186..42cd457d9 100644
--- a/zabbix-appliance/rhel/conf/etc/zabbix/nginx_ssl.conf
+++ b/zabbix-appliance/rhel/conf/etc/zabbix/nginx_ssl.conf
@@ -28,7 +28,7 @@ server {
 ssl_session_timeout 10m;
 ssl_prefer_server_ciphers on;
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
+ add_header Strict-Transport-Security "max-age=31536000; preload";
 add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
 location =/nginx_status {