From 6402dd91c5da8aa8928419642fc625819b372dec Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Thu, 29 May 2025 12:03:57 +0100
Subject: [PATCH] community: switch fully to outlets for osm ssl settings

---
 cookbooks/community/templates/default/web_only.yml.erb | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/cookbooks/community/templates/default/web_only.yml.erb b/cookbooks/community/templates/default/web_only.yml.erb
index 20dd62338..51bcc4aaa 100644
--- a/cookbooks/community/templates/default/web_only.yml.erb
+++ b/cookbooks/community/templates/default/web_only.yml.erb
@@ -116,11 +116,9 @@ hooks:
         cmd:
           - sudo -H -E -u discourse cp /shared/feeds/update-feeds.atom public/update-feeds.atom
   after_ssl:
-    - replace:
-        filename: "/etc/nginx/conf.d/outlets/server/20-https.conf"
-        from: /add_header Strict-Transport-Security.+/
-        to: |
-          add_header Strict-Transport-Security 'max-age=63072000' always;
+    - file:
+        path: "/etc/nginx/conf.d/outlets/server/25-https-osm-settings.conf"
+        contents: |
           ssl_stapling on;
           resolver <%= @resolvers.join(" ") %>;
           resolver_timeout 5s;
-- 
2.39.5