From 037b6b81170c6f0de9e984ee75829423ab1255e8 Mon Sep 17 00:00:00 2001
From: fro <committer@tuxwarrior.xyz>
Date: Tue, 28 Oct 2025 16:01:20 -0500
Subject: [PATCH] / mozilla ssl cfg generator

https://ssl-config.mozilla.org/#server=nginx&version=1.27.3&config=intermediate&openssl=3.4.0&guideline=5.7
---
 cfg/ngx/hw.op.fo.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cfg/ngx/hw.op.fo.conf b/cfg/ngx/hw.op.fo.conf
index b4ebc22..cb1d146 100644
--- a/cfg/ngx/hw.op.fo.conf
+++ b/cfg/ngx/hw.op.fo.conf
@@ -26,11 +26,14 @@ server {
 server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
+    http2 on;
 
     ssl_certificate /etc/nginx/acme.sh/op.fo/fullchain.pem;
     ssl_certificate_key /etc/nginx/acme.sh/op.fo/key.pem;
     ssl_trusted_certificate /etc/nginx/acme.sh/op.fo/cert.pem;
 
+    add_header Strict-Transport-Security "max-age=63072000" always;
+
     root /var/www/hw.op.fo;
     index index.html;
     server_name hw.op.fo;