From 9c72e00f036e71a45c3047dedaf550354c2f46b9 Mon Sep 17 00:00:00 2001
From: Alexandre Fayolle
Date: Mon, 12 Jun 2023 10:10:12 +0200
Subject: [PATCH] [FIX] shorter HSTS timeout
Until we have a stable setup for this, set the HSTS header with a max-age of 10min instead of 1y so we can test things ref: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/ "Testing HTTP Strict Transport Security with Care"
---
 9.0/templates/nginx.conf.tmpl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/9.0/templates/nginx.conf.tmpl b/9.0/templates/nginx.conf.tmpl
index 9e33b0d..10c2efa 100644
--- a/9.0/templates/nginx.conf.tmpl
+++ b/9.0/templates/nginx.conf.tmpl
@@ -93,7 +93,7 @@ http {
 client_max_body_size 1G;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
 access_log /var/log/nginx/access.log json_combined;
@@ -125,7 +125,7 @@ http {
 auth_basic_user_file /etc/nginx/htpasswd;
 {{ end }}
 add_header X-Static no;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
 proxy_buffering off;
 proxy_buffer_size 64k;
 proxy_busy_buffers_size 64k;
@@ -173,7 +173,7 @@ http {
 proxy_cache_bypass $http_cache_control;
 add_header X-Cache-Status $upstream_cache_status;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header Strict-Transport-Security "max-age=600; includeSubDomains" always;
 # there is no inheritance of proxy_set_header, as soon as we define one at a level,
 # we need to redefine all
 include /etc/nginx/proxy_headers.conf;
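Review bot: The lowered `max-age=600` is written as a bare literal in all three hunks (at 93, 125 and 173) with nothing in the file marking it as temporary, so restoring the one-year policy depends on someone remembering the commit message and finding every copy. With a ten-minute lifetime a browser drops the policy shortly after its last HTTPS response, so returning users get almost no downgrade protection while this is deployed. I would put a comment above each directive, for example `# TEMPORARY: HSTS max-age cut to 10 min for testing; restore 31536000 once the setup is stable`. Since this file is already a template, defining the value once and referencing it in the three places would also keep the copies from drifting. The enclosing `http` and location blocks start and end outside these hunks, so there may be other `add_header` levels that need the same treatment.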