Configuring HSTS in NGINX

Reference: HTTP Strict Transport Security (HSTS) and NGINX

Strict-Transport-Security 格式

Strict-Transport-Security: <max-age=NUMBER>[; includeSubDomains][; preload]

max-age：单位：秒。 HSTS header 过期时间，一般设置为1年，即31536000秒。而每次Response Header都带上HSTS Header，则可不断刷新其过期时间。
includeSubDomains：需要开启HSTS的域名/子域名。
preload：当加入了浏览器内置Preload List时才需要设置该项。

Nginx 配置示例

server {
    listen 443 ssl;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # This 'location' block inherits the STS header
    location / {
        root /usr/share/nginx/html;
    }

    # Because this 'location' block contains another 'add_header' directive,
    # we must redeclare the STS header
    location /servlet {
        add_header X-Served-By "My Servlet Handler";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        proxy_pass http://localhost:8080;
    }
}

查看全文

相关阅读:
设计模式总结
 centos7.5 安装python3.7
搭建yum软件源
 centos安装gitbook
编译技术
 samba安装
 docker命令
 shell基础知识
 随笔
 虚拟机字节码执行引擎（三）

原文地址：https://www.cnblogs.com/tiantiandas/p/configuring-hsts-in-nginx.html

Configuring HSTS in NGINX

Header: Strict-Transport-Security

Nginx 配置示例