zoukankan      html  css  js  c++  java
  • Configuring HSTS in NGINX

    Reference: HTTP Strict Transport Security (HSTS) and NGINX


    Header: Strict-Transport-Security

    Strict-Transport-Security 格式

    Strict-Transport-Security: <max-age=NUMBER>[; includeSubDomains][; preload]
    

    • max-age:单位:秒。 HSTS header 过期时间,一般设置为1年,即31536000秒。而每次Response Header都带上HSTS Header,则可不断刷新其过期时间。

    • includeSubDomains:需要开启HSTS的域名/子域名。

    • preload:当加入了浏览器内置Preload List时才需要设置该项。


    Nginx 配置示例

    server {
        listen 443 ssl;
    
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    
        # This 'location' block inherits the STS header
        location / {
            root /usr/share/nginx/html;
        }
    
        # Because this 'location' block contains another 'add_header' directive,
        # we must redeclare the STS header
        location /servlet {
            add_header X-Served-By "My Servlet Handler";
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
            proxy_pass http://localhost:8080;
        }
    }
    

  • 相关阅读:
    设计模式总结
    centos7.5 安装python3.7
    搭建yum软件源
    centos安装gitbook
    编译技术
    samba安装
    docker命令
    shell基础知识
    随笔
    虚拟机字节码执行引擎(三)
  • 原文地址:https://www.cnblogs.com/tiantiandas/p/configuring-hsts-in-nginx.html
Copyright © 2011-2022 走看看