Good day!
According to the HSTS tuning instructions (https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/).
The problem is that we are not tested by https://page-speed.ru/tests/http2/ - HSTS not used, although the title is "Strict-Transport-Security: max-age = 31536000; includeSubDomains".
Please tell me what I am doing wrong.
http.conf:
server {
listen 80 default_server;
server_name *.test.com;
return 301 https://$server_name$request_uri;
}
https.conf:
server {
listen test2.test.com;
server_name test2.test.com;
listen 443 default ssl;
ssl_certificate /etc/nginx/ssl/wildcart_chain.pem;
ssl_certificate_key /etc/nginx/ssl/wildcart_privatekey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/html text/plain application/xml;
location / {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
location /b520504b-721c-4810-ba34-9f341eb8544e {
proxy_pass https://panda.aplana.com/b520504b-721c-4810-ba34-9f341eb8544e;
}
}
According to the HSTS tuning instructions (https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/).
The problem is that we are not tested by https://page-speed.ru/tests/http2/ - HSTS not used, although the title is "Strict-Transport-Security: max-age = 31536000; includeSubDomains".
Please tell me what I am doing wrong.
http.conf:
server {
listen 80 default_server;
server_name *.test.com;
return 301 https://$server_name$request_uri;
}
https.conf:
server {
listen test2.test.com;
server_name test2.test.com;
listen 443 default ssl;
ssl_certificate /etc/nginx/ssl/wildcart_chain.pem;
ssl_certificate_key /etc/nginx/ssl/wildcart_privatekey.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
gzip on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/html text/plain application/xml;
location / {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
location /b520504b-721c-4810-ba34-9f341eb8544e {
proxy_pass https://panda.aplana.com/b520504b-721c-4810-ba34-9f341eb8544e;
}
}