From 25e944dac40d70b894dc6dfef3d831e3fad98cdd Mon Sep 17 00:00:00 2001
From: Matt Rude <matt@mattrude.com>
Date: Fri, 8 Nov 2019 06:11:33 +0000
Subject: update headers for sites

---
 lib/openpgpkey.example.com.conf | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/openpgpkey.example.com.conf b/lib/openpgpkey.example.com.conf
index a328100..175a7b7 100644
--- a/lib/openpgpkey.example.com.conf
+++ b/lib/openpgpkey.example.com.conf
@@ -6,6 +6,7 @@ server {
     listen 80;
     listen [::]:80;
     server_name openpgpkey.example.com;
+    access_log /var/log/nginx/wkd.log mine;
 
     location '/.well-known/acme-challenge' {
         default_type "text/plain";
@@ -13,7 +14,7 @@ server {
     }
 
     location / {
-        return              301 https://openpgpkey.example.com$request_uri;
+        return 301 https://openpgpkey.example.com$request_uri;
     }
 }
 
@@ -21,8 +22,16 @@ server {
 #    listen 443 ssl http2;
 #    listen [::]:443 ssl http2;
 #    server_name openpgpkey.example.com;
+#    access_log /var/log/nginx/wkd.log mine;
 #    root /var/www/openpgpkey;
 #
+#    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+#    add_header Expect-CT "enforce, max-age=300, report-uri=\"https://mattrude.com/expect-ct/\"";
+#    add_header Content-Security-Policy "default-src 'self'; script-src 'self';";
+#    add_header X-XSS-Protection "1; mode=block";
+#    add_header X-Content-Type-Options nosniff;
+#    add_header X-Frame-Options SAMEORIGIN;
+#
 #    ssl_certificate         /etc/letsencrypt/live/openpgpkey.example.com/fullchain.pem;
 #    ssl_certificate_key     /etc/letsencrypt/live/openpgpkey.example.com/privkey.pem;
 #    ssl_stapling on;
-- 
cgit v1.2.3-59-ga6da