NigelVanHattum
commented
4 months ago Maybe an easy fix here is to just close port 80 on your vm. Not exactly what you are looking for, but why would you want to even enable these connections.
Open Mase3206 opened 4 months ago
NigelVanHattum
commented
4 months ago Maybe an easy fix here is to just close port 80 on your vm. Not exactly what you are looking for, but why would you want to even enable these connections.
Mase3206
commented
4 months ago I'm not sure I understand what connections are you talking about. Do you mean HTTP connections or un-proxied connections?
For some reason, I hadn't thought about just closing port 80. I'll do that in the meantime. I would still like a way to force a connection to be "upgraded" to HTTPS.
Is your feature request related to a problem? Please describe. I don't use authentik through reverse proxy, as it adds some extra complication, and it was easier to run it in a VM with its own IP. However, I no longer have control over HTTP vs HTTPS with this method. I would like to enforce HTTPS and disalow unencrypted traffic over standard HTTP, as it is less secure, but I haven't found a way to do so.
Describe the solution you'd like The most user-friendly way could be a toggle in each Tennant/Brand to enforce HSTS. It could also be an environment variable set to
True.Describe alternatives you've considered I could run authentik behind a reverse proxy again, which would allow for HSTS enforcement. However, as mentioned earlier, that requires more configuration than I am willing to do, especially since I use Nginx Proxy Manager instead of raw Nginx config files. Custom parameters are supported, but direct connections are far more simple.