From 2510b985b1d088db3cf368da9ee1e5a010d1bafc Mon Sep 17 00:00:00 2001
From: hayden-t <hayden-t@users.noreply.github.com>
Date: Tue, 30 Dec 2025 13:54:39 +1100
Subject: [PATCH] incorrect ssl_enforce setting for HSTS

https://github.com/webmin/webmin/issues/2611
---
 setup.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/setup.sh b/setup.sh
index b03a92608..7840d0c4a 100755
--- a/setup.sh
+++ b/setup.sh
@@ -839,8 +839,8 @@ if [ "$upgrading" != 1 ]; then
 	# Enable HSTS by default
 	echo "ssl_hsts=1" >> $config_dir/miniserv.conf
 
-	# Enable force redirect to SSL by default
-	echo "ssl_enforce=1" >> $config_dir/miniserv.conf
+	# Enable force redirect to SSL with HSTS by default
+	echo "ssl_enforce=2" >> $config_dir/miniserv.conf
 
 	# Disallow unknown referers by default
 	echo "referers_none=1" >>$config_dir/config
@@ -851,10 +851,10 @@ else
 		echo "ssl_hsts=1" >> $config_dir/miniserv.conf
 	fi
 
-	# Enable force redirect to SSL if not set
+	# Enable force redirect to SSL with HSTS if not set
 	grep ssl_enforce= $config_dir/miniserv.conf >/dev/null
 	if [ "$?" != "0" ]; then
-		echo "ssl_enforce=1" >> $config_dir/miniserv.conf
+		echo "ssl_enforce=2" >> $config_dir/miniserv.conf
 	fi
 
 	# Disallow unknown referers if not set