disable HSTS in the development setup

(to remove uninteresting warnings raised by firefox)

disable HSTS in the development setup
(to remove uninteresting warnings raised by firefox)
5759b8e1 · BAIRE Anthony · dc4923e5 · 5759b8e1 · 5759b8e1
Commit 5759b8e1 authored Mar 19, 2020 by BAIRE Anthony
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

docker-compose.yml docker-compose.yml +5 -0

nginx/files/usr/local/sbin/update-nginx-config nginx/files/usr/local/sbin/update-nginx-config +3 -1

No files found.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -145,6 +145,11 @@ services:
    volumes:
        - "/data/dev/nginx:/vol"
    networks: [dev]
+    environment:
+        # we disable HSTS in the dev environment because firefox spits many
+        # warnings in the console when HSTS is used together with a self-signed
+        # certificate.
+        NGINX_DISABLE_HSTS: 1


  # TOOLBOX

--- a/nginx/files/usr/local/sbin/update-nginx-config
+++ b/nginx/files/usr/local/sbin/update-nginx-config
@@ -21,8 +21,10 @@ security_config = lambda fqdn: """
 	ssl_certificate_key	/vol/ro/ssl/{fqdn}.key;

        include /etc/nginx/ssl.conf;
+	{hsts}

-""".format(fqdn=fqdn)
+""".format(fqdn=fqdn, hsts="more_clear_headers Strict-Transport-Security;"
+                            if os.environ.get("NGINX_DISABLE_HSTS") else "")


 # default server (returns 404)