ubuntu:nginx:setting_up_hsts_in_nginx

Differences

This shows you the differences between two versions of the page.

ubuntu:nginx:setting_up_hsts_in_nginx [2019/11/29 16:20] – created peter
ubuntu:nginx:setting_up_hsts_in_nginx [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Ubuntu - NginX - HTTPS Strict Transport Security (HSTS) ====== ====== Ubuntu - NginX - HTTPS Strict Transport Security (HSTS) ======
  
-The HTTP Strict Transport Security (HSTS) header allows a host to enforce the use of HTTPS on the client side. By informing the browser to only use HTTPS, even if the user specifies HTTP as the protocol, the browser will enforce the use of HTTPS.  This protects the user from various forms of SSL stripping attacks and provides the host an option to better enforce the use of secure communications. +The HTTP Strict Transport Security (HSTS) header allows a host to enforce the use of HTTPS on the client side. 
 + 
 +By informing the browser to only use HTTPS, even if the user specifies HTTP as the protocol, the browser will enforce the use of HTTPS.  This protects the user from various forms of SSL stripping attacks and provides the host an option to better enforce the use of secure communications. 
  
 HSTS, coupled with server side redirection from HTTP to HTTPS, offers a more robust implementation of SSL as the browser is now aware that you expect secure comms.  If a Man In the Middle tries to strip out SSL from your communications by acting as a proxy, your browser will refuse the connection because it is expecting HTTPS and not HTTP. HSTS, coupled with server side redirection from HTTP to HTTPS, offers a more robust implementation of SSL as the browser is now aware that you expect secure comms.  If a Man In the Middle tries to strip out SSL from your communications by acting as a proxy, your browser will refuse the connection because it is expecting HTTPS and not HTTP.
  
 +----
  
 ===== NginX - Setting up HSTS in NginX ===== ===== NginX - Setting up HSTS in NginX =====
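Review bot: The unchanged paragraph near the end of this hunk ("your browser will refuse the connection because it is expecting HTTPS and not HTTP") reads as unconditional, but the browser only holds that expectation after it has already received the HSTS header over HTTPS from this host, so a first visit over plain HTTP still depends on the server-side redirect. Since this revision is already splitting the introduction into shorter paragraphs, add one sentence stating that condition. The same paragraph says "SSL" where the rest of the text talks about HTTPS; "TLS" or "HTTPS" would be more consistent.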
Line 31: Line 34:
 The optional **always** parameter ensures that the header is set for all responses, including internally-generated error responses.  Older versions of NGINX (prior to 1.7.5 or NGINX Plus R5) don’t support the always parameter and do not set the header on internally-generated error responses. The optional **always** parameter ensures that the header is set for all responses, including internally-generated error responses.  Older versions of NGINX (prior to 1.7.5 or NGINX Plus R5) don’t support the always parameter and do not set the header on internally-generated error responses.
  
 +----
 +
 +===== Restart NginX =====
  
-Don't forget to restart NginX.+<code bash>sudo systemctl restart nginx.service</code>
  
-<code bash>systemctl restart nginx.service</code> 
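Review bot: The new "Restart NginX" section runs `sudo systemctl restart nginx.service` with no configuration check before it, so a typo in the edited configuration takes the site down instead of being caught first. Suggest putting `sudo nginx -t` ahead of the restart and noting that `sudo systemctl reload nginx.service` is enough to pick up a header change without dropping existing connections. The removed "Don't forget to restart NginX." sentence also gave the reason for the step; a short sentence under the new heading saying the header only takes effect after the restart would keep that.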
ubuntu/nginx/setting_up_hsts_in_nginx.1575044420.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
