Update to 2022-04-29 11:00

roles/nginx/defaults/main.yml

@@ -84,6 +84,8 @@ nginx_default_vhost_base:
 
 nginx_default_vhost_extra: {}
 nginx_default_vhost: "{{ nginx_default_vhost_base | combine(nginx_default_vhost_extra,recursive=True) }}"
+# Should HSTS header be added on the default vhost
+nginx_hsts: True
 
 # List of IP addresses which won't be affected by maintenance redirections
 nginx_maintenance_ip: []

roles/nginx/templates/nginx.conf.j2

@@ -90,7 +90,9 @@ http {
     add_header X-Frame-Options SAMEORIGIN;
     add_header X-Content-Type-Options nosniff;
     add_header X-XSS-Protection "1; mode=block";
+{% if nginx_hsts %}
     add_header Strict-Transport-Security $hsts_header;
+{% endif %}
 
     include /etc/nginx/ansible_conf.d/acme.inc;