Closed HansVanEijsden closed 2 years ago
First of all, thank you for this module. I'm using it on all of my servers with success. I did a fresh git pull. Unfortunately, preload doesn't work.
Configure flags:
```
nginx version: nginx/1.21.6
built by gcc 8.3.0 (Debian 8.3.0-6)
built with OpenSSL 3.0.2 15 Mar 2022
TLS SNI support enabled
configure arguments: --prefix=/opt/nginx --user=www-data --group=www-data --with-http_v2_module --with-http_ssl_module --with-http_v2_hpack_enc --with-pcre-jit --with-file-aio --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_mp4_module --with-http_realip_module --with-http_stub_status_module --with-threads --with-libatomic --with-zlib=/usr/local/src/zlib --with-zlib-opt='-O3 -march=native -flto -fuse-linker-plugin' --with-http_gzip_static_module --with-openssl=/usr/local/src/openssl-3.0.2 --with-openssl-opt='no-zlib enable-rfc3779 enable-ec_nistp_64_gcc_128 no-tests no-unit-test -DCFLAGS=-O3 -march=native -flto -fuse-linker-plugin' --add-module=/usr/local/src/headers-more-nginx-module --add-module=/usr/local/src/echo-nginx-module --add-module=/usr/local/src/ngx_http_substitutions_filter_module --add-module=/usr/local/src/srcache-nginx-module --add-module=/usr/local/src/redis2-nginx-module --add-module=/usr/local/src/ngx_http_redis-0.3.9 --add-module=/usr/local/src/ngx_devel_kit --add-module=/usr/local/src/set-misc-nginx-module --add-module=/usr/local/src/ngx_brotli --add-module=/usr/local/src/ngx_security_headers --add-module=/usr/local/src/ngx_immutable --with-cc-opt='-DTCP_FASTOPEN=23 -march=native -flto -O3 -fuse-linker-plugin -Wno-error=strict-aliasing -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-ld-opt='-lrt -z relro -fstack-protector-strong'
```

In the nginx config I added `security_headers on;` in the main `http` block.
Header output:
```
❯ curl --compressed -IL "https://www.weblogzwolle.nl/"
HTTP/2 200
server: nginx
date: Wed, 16 Mar 2022 21:20:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: wordpress_test_cookie=WP%20Cookie%20check; path=/
link: <https://www.weblogzwolle.nl/wp-json/>; rel="https://api.w.org/"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=63072000; includeSubDomains
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
x-cache: HIT
x-cache-2: BYPASS
public-key-pins: pin-sha256="fAYmhNNLaXs7XP8rVh/3+nACEdZefovkCJt8cZQFcDQ="; pin-sha256="C8AGueBZ5S3lFTVCU+/S3Fteku3NGRa0MHkeMsjvAKk="; pin-sha256="6tMzCDSUXMz7f8wecFye+mg5jgw7125rFQFODpx49xc="; pin-sha256="d4ilv6cF8gYda+qqKSdDulWJR7nfZdt1M6Hi/494i9Y="; max-age=5184000; report-uri="https://hansvaneijsden.report-uri.com/r/d/hpkp/enforce";
content-security-policy: upgrade-insecure-requests
expect-ct: enforce,max-age=604800
content-encoding: br
```
System:
```
❯ uname -a
Linux vps 5.10.0-0.bpo.11-amd64 #1 SMP Debian 5.10.92-1~bpo10+1 (2022-02-03) x86_64 GNU/Linux
```
I have this problem on all of my servers and vhosts. What am I doing wrong? Please let me know if you need more information, I'm happy to provide it.
Thank you for the bug report. This was a regression from a previous release. Fixed in v.0.0.11.
Hi @dvershinin, wow that's quick. I can confirm it's working now as it should. Thanks for fixing!