security fixes

playbooks/nginx/sites-enabled/lounge.secretbee.buzz

@@ -1,4 +1,3 @@
-## Redirect all HTTP traffic to HTTPS
 server {
   listen          80;
   server_name     lounge.secretbee.buzz;
@@ -12,7 +11,9 @@ server {
   listen         443 ssl;
   server_name    lounge.secretbee.buzz;
 
-  add_header Strict-Transport-Security "max-age=31536000" always; 
+  limit_req zone=mylimit burst=20;
+
+  add_header Strict-Transport-Security "max-age=31536000, includeSubDomains" always;
 
   ssl_certificate     /etc/letsencrypt/live/lounge.secretbee.buzz/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/lounge.secretbee.buzz/privkey.pem;