Home > Guides > Alpine Server > Setting up HTTP Strict Transport Security

Setting up HTTP Strict Transport Security

Configuration

Set up Let's Encrypt first.

Edit /etc/nginx/sites-available/02_example.com:

server {
	listen 80;
	listen [::]:80;
	server_name .example.com;

	# Redirect HTTP traffic to HTTPS.
	return 301 https://$host$request_uri;
}

server {
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name .example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}

References

  1. https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/