Version 1.1

SatelliteWP · Dec 21, 2015 · 0b6d1cd · 0b6d1cd · maximejobin · Dec 21, 2015
2 parents 8061f7c + 7805d75
commit 0b6d1cd
Showing 1 changed file with 24 additions and 5 deletions.
diff --git a/rocket-nginx.conf b/rocket-nginx.conf
@@ -7,14 +7,15 @@
 # Author: Maxime Jobin
 # URL: https://github.com/maximejobin/rocket-nginx
 #
-# Tested with WP-Rocket version: 2.6.9
+# Tested with WP-Rocket version: 2.6.15
 # Tested with NGINX: 1.8.0 (stable)
 #
-# Version 1.0.1
+# Version 1.1
 #
 ###################################################################################################
 
 set $rocket_debug 0;				# Add debug information into header
+set $rocket_hsts_value "";			# HTTP Strict Transport Security (if you want overwrite default) 
 
 ###################################################################################################
 # Do not alter theses values
@@ -24,8 +25,11 @@ set $rocket_encryption "";			# Is GZIP accepted by client ?
 set $rocket_file "";				# Filename to use
 set $rocket_is_bypassed "No";		# Header text added to check if the bypass worked or not. Header: X-Rocket-Nginx-Bypass
 set $rocket_reason "";				# Reason why cache file was not used. If cache file is used, what file was used
-set $https_prefix "";				# HTTPS prefix to use when cached files are using HTTPS
+set $rocket_https_prefix "";		# HTTPS prefix to use when cached files are using HTTPS
+set $rocket_hsts 0;					# Is HSTS is off (0) by default. Will be turned on (1) if request is HTTPS
 
+# HSTS Default value : 1 year, include subdomains.
+set $rocket_hsts_value_default "max-age=31536000; includeSubDomains";
 
 ###################################################################################################
 # PAGE CACHE
@@ -38,11 +42,22 @@ if ($http_accept_encoding ~ gzip) {
 
 # Is SSL request ?
 if ($https = "on") {
-	set $https_prefix "-https";
+	set $rocket_https_prefix "-https";
+	set $rocket_hsts 1;
+}
+
+# If HSTS value is not set, use default value
+if ($rocket_hsts_value = "") {
+	set $rocket_hsts_value "$rocket_hsts_value_default";
+}
+
+# If HSTS is disabled, unset HSTS set for Rocket-Nginx configuration
+if ($rocket_hsts = "0") {
+	set $rocket_hsts_value "";
 }
 
 # File/URL to return IF we must bypass WordPress
-set $rocket_url "/wp-content/cache/wp-rocket/$http_host/$request_uri/index$https_prefix.html$rocket_encryption";
+set $rocket_url "/wp-content/cache/wp-rocket/$http_host/$request_uri/index$rocket_https_prefix.html$rocket_encryption";
 set $rocket_file "$document_root$rocket_url";
 
 
@@ -101,6 +116,7 @@ location ~ /wp-content/cache/wp-rocket/.*html$ {
 	add_header X-Rocket-Nginx-Bypass $rocket_is_bypassed;
 	add_header X-Rocket-Nginx-Reason $rocket_reason;
 	add_header X-Rocket-Nginx-File $rocket_file;
+	add_header Strict-Transport-Security "$rocket_hsts_value";
 	expires 30d;
 }
 
@@ -114,6 +130,7 @@ location ~ /wp-content/cache/wp-rocket/.*_gzip$ {
 	add_header X-Rocket-Nginx-Bypass $rocket_is_bypassed;
 	add_header X-Rocket-Nginx-Reason $rocket_reason;
 	add_header X-Rocket-Nginx-File $rocket_file;
+	add_header Strict-Transport-Security "$rocket_hsts_value";
 	expires 30d;
 }
 
@@ -122,6 +139,8 @@ add_header X-Rocket-Nginx-Bypass $rocket_is_bypassed;
 add_header X-Rocket-Nginx-Reason $rocket_reason;
 add_header X-Rocket-Nginx-File $rocket_file;
 
+# No HSTS header added here. We suppose it's correctly added in the site configuration
+
 
 ###################################################################################################
 # BROWSER CSS CACHE