From 349aeff91cd5827cbefe0a0cf7b0a9609ef40d8a Mon Sep 17 00:00:00 2001
From: Jonathan Dumont <5204724+JOduMonT@users.noreply.github.com>
Date: Tue, 6 Jul 2021 10:35:05 +0700
Subject: [PATCH] enable http strict transport security

https://docs.nextcloud.com/server/21/admin_manual/installation/harden_server.html#enable-http-strict-transport-security
---
 nextcloud.subdomain.conf.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nextcloud.subdomain.conf.sample b/nextcloud.subdomain.conf.sample
index c1c846a..ebcd81f 100644
--- a/nextcloud.subdomain.conf.sample
+++ b/nextcloud.subdomain.conf.sample
@@ -12,7 +12,7 @@
 #    0 => '192.168.0.1:444', # This line may look different on your setup, don't modify it.
 #    1 => 'nextcloud.your-domain.com',
 #  ),
-
+add_header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload";
 server {
     listen 443 ssl;
     listen [::]:443 ssl;