
Setting up HTTP Strict Transport Security (HSTS) with VestaCP

HTTP Strict Transport Security (HSTS) is a web security policy mechanism: through a response header, a web server tells the browser that, for a period the server chooses, the site may be reached only over HTTPS. The browser remembers this, rewrites any later http:// request for the host to https:// before it leaves the machine, and refuses to let the user click through certificate errors, which closes the window in which a plain-HTTP connection could be downgraded or hijacked (SSL stripping). The header is honoured only when it arrives over a valid HTTPS connection; a copy served over plain HTTP is ignored.

HSTS is a mature hardening measure by now; the only prerequisite is a valid TLS certificate (plus, if you use includeSubDomains, HTTPS on every subdomain, since browsers will refuse plain HTTP to them once the policy is cached). I have been running VestaCP for the past few years, so this post records how I turn HSTS on there, for easy lookup 😁

Apache configuration

In VestaCP, nginx listens on ports 80/443 and proxies to Apache, so a header set here reaches the browser on every proxied (dynamic) response. The snippet backs up httpd.conf and appends the HSTS settings once; the grep guard keeps a re-run from appending a second copy.

rm -f /etc/httpd/conf/httpd.conf.bak
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak
grep -q 'Setting up HSTS' /etc/httpd/conf/httpd.conf || cat >> /etc/httpd/conf/httpd.conf <<'EOF'
########## Setting up HSTS ###########
# mod_headers is what sets the header. On CentOS 7 both modules are normally
# loaded already by /etc/httpd/conf.modules.d/00-base.conf, so these lines only
# make Apache warn "already loaded, skipping"; mod_rewrite is needed only if
# you also add a RewriteRule that redirects HTTP to HTTPS.
LoadModule headers_module /usr/lib64/httpd/modules/mod_headers.so
LoadModule rewrite_module /usr/lib64/httpd/modules/mod_rewrite.so
# Setting up: https://is.gd/BqzkAj
# ref. https://hstspreload.org
# "always": set on redirects and error responses too. max-age=31536000 is one
# year, the minimum hstspreload.org accepts.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
########## Setting up HSTS ###########
EOF

includeSubDomains and preload are a commitment: once the domain is on the browser preload list, every subdomain must answer over HTTPS for as long as the entry exists, and removal takes months to reach all browsers. Start with a short max-age and without preload, confirm nothing breaks, then raise max-age to a year and add preload when you submit the domain at hstspreload.org, which also requires that plain-HTTP requests to the domain be redirected to HTTPS.


nginx configuration

nginx serves static files itself and proxies everything else to Apache, so it needs its own copy of the header for the responses it generates. The http2 line is unrelated to HSTS; it is just switched on at the same time.

rm -f /etc/nginx/conf.d/default.conf.bak
cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
# Enable HTTP/2 on the HTTPS listeners of the admin user's domains (other
# users' domains live under /home/<user>/conf/web/).
sed -i 's/443 ssl/443 http2 ssl/g' /home/admin/conf/web/*.nginx.ssl.conf
# Add the header after each server_name line in default.conf.
sed -i '/server_name/a     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;' /etc/nginx/conf.d/default.conf

Three caveats. VestaCP regenerates the per-domain files under /home/<user>/conf/web/ from its templates when a domain is rebuilt, so edits made there with sed can be lost; changing the template is more durable. add_header applies only to the server block it sits in (and to location blocks that set no add_header of their own), so the server blocks VestaCP writes for your domains need the same directive if the static files nginx serves directly are to carry the header. And add_header appends rather than replaces: on a response proxied from Apache you get two Strict-Transport-Security headers, and this one lacks preload. Browsers honour only the first, so either send the same value from both layers or hide the upstream copy in nginx with proxy_hide_header Strict-Transport-Security; so that exactly one consistent policy is sent.

Final test

apachectl configtest && nginx -t

As long as these three lines appear, you are fine 😊 (a "module headers_module is already loaded, skipping" warning from Apache above them only means the module was already loaded and is harmless)

Syntax OK
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart

systemctl restart httpd && systemctl restart nginx

Then run the Qualys SSL Labs test; mine already scores A+ 😎😎😎
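As an added example (not code from the original post, from VestaCP or from Qualys), the following POSIX shell script checks, offline, what the configuration above is supposed to produce: it pulls the Strict-Transport-Security header out of a captured response block and flags a missing or duplicated header, parses the value as RFC 6797 describes it and tests it against the hstspreload.org requirements (max-age of at least one year, includeSubDomains, preload), and checks that a plain-HTTP response is a redirect to an https:// URL, which the preload list also requires. The response header blocks in the script are constructed samples, not captured from a live host; the function names and the optional live mode using curl are my own.

```shell
#!/bin/sh
# Added example, not from the original post: offline checks for the HSTS header
# the Apache/nginx configuration above is meant to produce. The response header
# blocks below are constructed samples, not captured from a real server.
# Needs only sh, tr, grep, sed, head, cut (and curl for the optional live mode).

PRELOAD_MIN_AGE=31536000   # one year, the minimum max-age hstspreload.org accepts

# sts_value HEADERS
# Print the value of the first Strict-Transport-Security header in a raw
# response header block (what 'curl -sI' prints). Returns 1 if there is none,
# 2 if there is more than one: RFC 6797 makes the browser process only the
# first copy, so a second one usually means two layers (Apache and nginx here)
# are both adding it, possibly with different policies.
sts_value() {
    lines=$(printf '%s\n' "$1" | tr -d '\r' | grep -i '^strict-transport-security:' || true)
    n=$(printf '%s\n' "$lines" | grep -c . || true)
    [ "$n" -eq 0 ] && { echo "no Strict-Transport-Security header" >&2; return 1; }
    printf '%s\n' "$lines" | head -n 1 | sed 's/^[^:]*:[[:space:]]*//'
    [ "$n" -eq 1 ] || { echo "warning: $n Strict-Transport-Security headers" >&2; return 2; }
}

# hsts_policy_check VALUE
# Parse a header value as RFC 6797 describes it (directives separated by ';',
# names case-insensitive, values optionally quoted, unknown directives ignored)
# and report whether it meets the hstspreload.org requirements: max-age of at
# least one year, includeSubDomains and preload. Prints each shortfall and
# returns 0 only when all three hold.
hsts_policy_check() {
    max_age='' has_sub=0 has_preload=0 rc=0
    for d in $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' \t"' | tr ';' ' '); do
        case "$d" in
            max-age=*)         max_age=${d#max-age=} ;;
            includesubdomains) has_sub=1 ;;
            preload)           has_preload=1 ;;
        esac
    done
    case "$max_age" in
        '' | *[!0-9]*) echo "max-age missing or not a number"; return 1 ;;
    esac
    if [ "$max_age" -eq 0 ]; then
        echo "max-age=0 tells browsers to drop the policy"; rc=1
    elif [ "$max_age" -lt "$PRELOAD_MIN_AGE" ]; then
        echo "max-age=$max_age is below the ${PRELOAD_MIN_AGE}s preload minimum"; rc=1
    fi
    [ "$has_sub" -eq 1 ]     || { echo "includeSubDomains missing"; rc=1; }
    [ "$has_preload" -eq 1 ] || { echo "preload missing"; rc=1; }
    return $rc
}

# http_redirects_to_https HEADERS
# The preload list also requires that a plain-HTTP request to the host be
# redirected to HTTPS: the status must be a 3xx and Location must start with https://.
http_redirects_to_https() {
    hdrs=$(printf '%s\n' "$1" | tr -d '\r')
    status=$(printf '%s\n' "$hdrs" | head -n 1 | cut -d' ' -f2)
    loc=$(printf '%s\n' "$hdrs" | grep -i '^location:' | sed 's/^[^:]*:[[:space:]]*//' | head -n 1)
    case "$status" in 30[1278]) ;; *) echo "status $status is not a redirect"; return 1 ;; esac
    case "$loc" in https://*) return 0 ;; *) echo "redirect target '$loc' is not https://"; return 1 ;; esac
}

# Constructed sample responses (not captured from a live host).
GOOD_HTTPS='HTTP/1.1 200 OK
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: text/html'

# Two layers both adding the header, the first copy with a weak policy:
# the browser keeps only "max-age=300".
DUP_HTTPS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
strict-transport-security: max-age=31536000; includeSubDomains; preload'

GOOD_HTTP='HTTP/1.1 301 Moved Permanently
Location: https://example.com/'

# Live mode (needs network): sh hsts_check.sh example.com
if [ -n "${1:-}" ]; then
    v=$(sts_value "$(curl -sSI "https://$1")") && hsts_policy_check "$v"
    http_redirects_to_https "$(curl -sSI "http://$1")"
fi
```

Run it against a host after the restart and compare with what SSL Labs reports; if sts_value prints the duplicate warning, one of the two layers (Apache or nginx) should stop sending the header, or nginx should hide the upstream copy.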
