Want to subscribe to topics you're interested in?
Become a Member

SSL HSTS not working

Discussion in 'Domains, DNS, Email & SSL Certificates' started by arlon, Mar 2, 2016.

  1. arlon

    arlon Member

    95
    6
    8
    Feb 20, 2016
    Ratings:
    +12
    Local Time:
    5:34 AM
    1.13.6
    10.1
    i want to activate HSTS on my website, i have uncommented hsts rule
    these rule that i have tried:
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    add_header Strict-Transport-Security "max-age=31536000;";

    i have nprestart too


    i check using curl -I MyDomain | Domain Names, Web Hosting, and Free Domain Services and also ssllabs
     
  2. eva2000

    eva2000 Administrator Staff Member

    55,951
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    8:34 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    you're testing against html files so need to add header to /usr/local/nginx/conf/staticfiles.conf for html location context too

    Code:
        location ~* \.(html|htm|txt)$ {
            #add_header Pragma public;
            add_header Cache-Control "public, must-revalidate, proxy-revalidate";
            access_log off;
            expires 1d;
            break;
            }
     
  3. arlon

    arlon Member

    95
    6
    8
    Feb 20, 2016
    Ratings:
    +12
    Local Time:
    5:34 AM
    1.13.6
    10.1
    Great, whats is the best rule?
    add_header Strict-Transport-Security "max-age=31536000" always;
    or
    add_header Strict-Transport-Security "max-age=31536000;";

    i don't have subdomain
     
  4. eva2000

    eva2000 Administrator Staff Member

    55,951
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    8:34 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  5. arlon

    arlon Member

    95
    6
    8
    Feb 20, 2016
    Ratings:
    +12
    Local Time:
    5:34 AM
    1.13.6
    10.1
  6. eva2000

    eva2000 Administrator Staff Member

    55,951
    12,283
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,870
    Local Time:
    8:34 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+