From b3c689eddb35f72f73e748f7a3662cb701f0b604 Mon Sep 17 00:00:00 2001
From: Adrian Heine <mail@adrianheine.de>
Date: Fri, 28 Apr 2017 12:48:58 +0200
Subject: [PATCH] HTTP->HTTPS, HTTP2, HSTS

---
 src/symbols/nginx/server.rs | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/symbols/nginx/server.rs b/src/symbols/nginx/server.rs
index f3f5215..9ee5774 100644
--- a/src/symbols/nginx/server.rs
+++ b/src/symbols/nginx/server.rs
@@ -52,12 +52,24 @@ impl<'a> NginxServer<'a, String> {
   pub fn server_config(domain: &str, content: &str) -> String {
     format!("server {{
     listen                  80;
-    listen                  443 ssl;
-    ssl_certificate         /etc/ssl/local_certs/{0}.crt;
-    ssl_certificate_key     /etc/ssl/private/{0}.key;
     server_name             {0};
     include                 \"snippets/acme-challenge.conf\";
 
+    location / {{
+      # Redirect all HTTP links to the matching HTTPS page
+      return 301 https://$host$request_uri;
+    }}
+}}
+
+server {{
+    listen                  443 ssl http2;
+    server_name             {0};
+    include                 \"snippets/acme-challenge.conf\";
+
+    ssl_certificate         /etc/ssl/local_certs/{0}.crt;
+    ssl_certificate_key     /etc/ssl/private/{0}.key;
+    add_header              Strict-Transport-Security \"max-age=31536000\";
+
     {1}
 }}
 ", domain, content)