perusio / drupal-with-nginx

Running Drupal using nginx: an idiosyncratically crafted bleeding edge configuration.

HTTP Strict Transport Security (HSTS) #291

Open accuraz opened 3 years ago

accuraz commented 3 years ago

I'm trying to activate HTTP Strict Transport Security (HSTS) by following NGINX's official approach.

As I understand it, it's a matter of adding a header directive to the SSL server block.

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

I tried adding the directive in the SSL server block of sites-available/exemple.com.conf, before and after the root directory declaration, and by commenting it in nginx.conf.

I also tried not adding the header in exemple.com.conf and instead adding it in nginx.conf.

None of those configurations work.

Maybe someone here uses HSTS and successfully configured it.

Some help would be great.

Thank you in advance.

mbomb007 commented 3 years ago

https://github.com/perusio/drupal-with-nginx/blob/D7/nginx.conf

You have to put it in nginx.conf (it's already in there, just uncomment it), and it must not be in your example.com.conf
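
Whichever file ends up holding the directive, the way to confirm it works is to inspect the header the server actually returns. The following is an added example, not part of this thread or of the project's configuration: Python that evaluates a response's Strict-Transport-Security header using the RFC 6797 processing rules. The names `parse_hsts` and `check_hsts` and the sample responses are constructed for illustration.

```python
import re

# Directive names must be HTTP tokens (RFC 6797 section 6.1).
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def parse_hsts(value):
    """Parse one Strict-Transport-Security value; return a dict, or None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives are allowed by the grammar
            continue
        name, _, val = part.partition("=")
        name = name.strip().lower()       # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]               # quoted-string form of a value
        if not _TOKEN.match(name) or name in directives:
            return None                   # malformed or repeated directive: header is ignored
        directives[name] = val
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                       # max-age is required and must be digits
    return directives

def check_hsts(scheme, headers):
    """headers: list of (name, value) pairs as received. Returns (ok, reason)."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return False, "header missing"
    if scheme != "https":
        return False, "sent over plain HTTP, browsers ignore it"
    parsed = parse_hsts(values[0])        # only the first header field is processed
    if parsed is None:
        return False, "header value invalid"
    if int(parsed["max-age"]) == 0:
        return False, "max-age=0 removes the HSTS entry"
    return True, "max-age=%s includeSubDomains=%s" % (
        parsed["max-age"], "includesubdomains" in parsed)

if __name__ == "__main__":
    # Constructed sample responses (not captured from a real server).
    for scheme, headers in [
        ("https", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
        ("https", [("Server", "nginx")]),
        ("http", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
    ]:
        print(scheme, check_hsts(scheme, headers))
```

Feed it the header pairs from a real HTTPS response of the site (for example, as collected by an HTTP client) to see which of the cases applies.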