On Fri, 2 Oct 2015, at 03:37 AM, Pablo Méndez Hernández wrote: > Hi misc@, > > I'm trying to configure HSTS for my personal domain to no avail. > > According to my understanding of httpd.conf, you'd only need to include the > 'hsts' keyword in the tls part of the configuration with no need to > redirect to https in the http case, but my configuration doesn't seem to > work.
No, you still need to create a virtual host that listens on port 80 and does a redirect to https. -- Carlin > > My configuration is as follows: > > $ cat /etc/httpd.conf > # > # Macros > # > ext_addr="egress" > > # > # Servers > # > > # A name-based "virtual" server > server "www.mydomain.org" { > listen on $ext_addr tls port 443 > > hsts { > subdomains > } > > tls { > ciphers "secure" > } > > root "/htdocs/www.mydomain.org" > } > > With this configuration, whenever I try to connect using http://, Chrome > fails with ERR_CONNECTION_REFUSED > > > Thanks in advance. > > -- > > Pablo Méndez Hernández