Fixes #68 - HSTS is now part of the UI

src/backend/templates/_hsts.conf

@@ -0,0 +1,8 @@
+{% if certificate and certificate_id > 0 -%}
+{% if ssl_forced == 1 or ssl_forced == true %}
+{% if hsts_enabled == 1 or hsts_enabled == true %}
+  # HSTS (ngx_http_headers_module is required) (31536000 seconds = 1 year)
+  add_header Strict-Transport-Security "max-age=31536000;{% if hsts_subdomains == 1 or hsts_subdomains == true -%} includeSubDomains;{% endif %} preload" always;
+{% endif %}
+{% endif %}
+{% endif %}

src/backend/templates/dead_host.conf

@@ -4,11 +4,16 @@
 server {
 {% include "_listen.conf" %}
 {% include "_certificates.conf" %}
+{% include "_hsts.conf" %}
 
   access_log /data/logs/dead_host-{{ id }}.log standard;
 
 {{ advanced_config }}
 
-  return 404;
+  location / {
+{% include "_forced_ssl.conf" %}
+{% include "_hsts.conf" %}
+    return 404;
+  }
 }
 {% endif %}

src/backend/templates/proxy_host.conf

@@ -10,6 +10,7 @@ server {
 {% include "_certificates.conf" %}
 {% include "_assets.conf" %}
 {% include "_exploits.conf" %}
+{% include "_hsts.conf" %}
 
   access_log /data/logs/proxy_host-{{ id }}.log proxy;
 
@@ -23,6 +24,7 @@ server {
     {%- endif %}
 
 {% include "_forced_ssl.conf" %}
+{% include "_hsts.conf" %}
 
     {% if allow_websocket_upgrade == 1 or allow_websocket_upgrade == true %}
     proxy_set_header Upgrade $http_upgrade;

src/backend/templates/redirection_host.conf

@@ -6,15 +6,15 @@ server {
 {% include "_certificates.conf" %}
 {% include "_assets.conf" %}
 {% include "_exploits.conf" %}
+{% include "_hsts.conf" %}
 
   access_log /data/logs/redirection_host-{{ id }}.log standard;
 
 {{ advanced_config }}
 
-  # TODO: Preserve Path Option
-
   location / {
 {% include "_forced_ssl.conf" %}
+{% include "_hsts.conf" %}
 
     {% if preserve_path == 1 or preserve_path == true %}
         return 301 $scheme://{{ forward_domain_name }}$request_uri;