diff --git a/installation/caddyfile-pleroma.example b/installation/caddyfile-pleroma.example index c34b470456..03ff000b6c 100644 --- a/installation/caddyfile-pleroma.example +++ b/installation/caddyfile-pleroma.example @@ -21,11 +21,6 @@ example.tld { ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 } - header / { - Strict-Transport-Security "max-age=31536000; includeSubDomains;" - Expect-CT "enforce, max-age=2592000" - } - # If you do not want to use the mediaproxy function, remove these lines. # To use this directive, you need the http.cache plugin for Caddy. cache { diff --git a/installation/pleroma-apache.conf b/installation/pleroma-apache.conf index cbb165064e..d5e75044fc 100644 --- a/installation/pleroma-apache.conf +++ b/installation/pleroma-apache.conf @@ -34,9 +34,6 @@ CustomLog ${APACHE_LOG_DIR}/access.log combined SSLCompression off SSLSessionTickets off - # Uncomment this only after you get HTTPS working. - # Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" - RewriteEngine On RewriteCond %{HTTP:Connection} Upgrade [NC] RewriteCond %{HTTP:Upgrade} websocket [NC] diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index 62c99383ff..f0e684f2c8 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -60,9 +60,6 @@ server { client_max_body_size 16m; location / { - # Uncomment this only after you get HTTPS working. - # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl index 5d80c6f44f..63c1cb74db 100644 --- a/installation/pleroma.vcl +++ b/installation/pleroma.vcl 
@@ -119,8 +119,3 @@ sub vcl_pipe {
 set bereq.http.connection = req.http.connection;
 }
 }
-
-sub vcl_deliver {
- # Uncomment this only after you get HTTPS working.
- # set resp.http.Strict-Transport-Security= "max-age=31536000; includeSubDomains";
-}