Setting up HTTP Strict Transport Security

Published on December 29, 2020

Configuration

Set up Let's Encrypt first.

Edit /etc/nginx/sites-available/02_example.com:

server {
	listen 80;
	listen [::]:80;
	server_name .example.com;

	# Redirect HTTP traffic to HTTPS.
	return 301 https://$host$request_uri;
}

server {
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name .example.com;
	ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

	# Tell browsers to use HTTPS only for one year (31536000 seconds),
	# on this host and on all of its subdomains.
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}
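
To confirm the header is actually served after reloading nginx, the response headers can be checked against the policy configured above. The following is an added example, not part of the original post: check_hsts is a hypothetical helper name, and the sample response at the end is constructed rather than captured from a real server.

```shell
#!/bin/sh
# check_hsts (hypothetical helper, not from the original page) reads raw HTTP
# response headers on stdin and checks the Strict-Transport-Security policy.
# Against a live site: curl -sI https://example.com/ | check_hsts
check_hsts() {
	hsts_min="${1:-31536000}"  # minimum acceptable max-age, in seconds
	# Header names are case-insensitive; drop CRs and whitespace from the value.
	hsts_val=$(tr -d '\r' | awk 'tolower($0) ~ /^strict-transport-security:/ {
		sub(/^[^:]*:/, ""); print tolower($0); exit }' | tr -d ' \t')
	if [ -z "$hsts_val" ]; then
		echo "FAIL: no Strict-Transport-Security header"; return 1
	fi
	# Wrap in ';' so each directive can be matched on its boundaries.
	hsts_age=$(printf ';%s;\n' "$hsts_val" |
		sed -n 's/.*;max-age="\{0,1\}\([0-9]\{1,\}\)"\{0,1\};.*/\1/p')
	if [ -z "$hsts_age" ]; then
		echo "FAIL: max-age missing or not numeric"; return 1
	fi
	if [ "$hsts_age" -lt "$hsts_min" ]; then
		echo "FAIL: max-age=$hsts_age is below $hsts_min"; return 1
	fi
	case ";$hsts_val;" in
		*";includesubdomains;"*) ;;
		*) echo "FAIL: includeSubDomains not set"; return 1 ;;
	esac
	echo "OK: max-age=$hsts_age; includeSubDomains"
}

# Constructed sample response, matching the add_header line in the config above.
sample='HTTP/1.1 200 OK
Server: nginx
strict-transport-security: max-age=31536000; includeSubDomains'
printf '%s\n' "$sample" | check_hsts
```

Run the check against the https:// URL: browsers ignore a Strict-Transport-Security header received over plain HTTP, so the port 80 server block only needs the redirect.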

