drupal-with-nginx icon indicating copy to clipboard operation
drupal-with-nginx copied to clipboard

Published 20 hours ago verified publisher icon perusio

HTTP Strict Transport Security (HSTS)

Open accuraz opened this issue 4 years ago • 1 comments

I'm trying to activate HTTP Strict Transport Security (HSTS) by following NGINX's official approach.

As I understand it, its a matter of adding a header directive into ssl server block.

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

I tried to add the directive in ssl server block sites-available/exemple.com.conf before and after root directory declaration and by comment it in nginx.conf

I also tried to not add header into exemple.com.conf and instead add it in nginx.conf.

None of that configuration will work.

Maybe someone here uses HSTS and successfully configured it.

Some help would be great.

Thank you per advance.

accuraz avatar Jan 14 '21 10:01 accuraz

https://github.com/perusio/drupal-with-nginx/blob/D7/nginx.conf

You have to put it in nginx.conf (it's already in there, just uncomment it), and it must not be in your example.com.conf

mbomb007 avatar Feb 22 '21 21:02 mbomb007