On Fri, 2 Oct 2015, at 03:37 AM, Pablo Méndez Hernández wrote:
> Hi misc@,
>
> I'm trying to configure HSTS for my personal domain to no avail.
>
> According to my understanding of httpd.conf, you'd only need to include the
> 'hsts' keyword in the tls part of the configuration with no need to
> redirect to https in the http case, but my configuration doesn't seem to
> work.

No, you still need to create a virtual host that listens on port 80 and does a
redirect to https.

--
Carlin
>
> My configuration is as follows:
>
> $ cat /etc/httpd.conf
> #
> # Macros
> #
> ext_addr="egress"
>
> #
> # Servers
> #
>
> # A name-based "virtual" server
> server "www.mydomain.org" {
>         listen on $ext_addr tls port 443
>
>         hsts {
>                 subdomains
>         }
>
>         tls {
>                 ciphers "secure"
>         }
>
>         root "/htdocs/www.mydomain.org"
> }
>
> With this configuration, whenever I try to connect using http://, Chrome
> fails with ERR_CONNECTION_REFUSED
>
>
> Thanks in advance.
>
> --
>
> Pablo Méndez Hernández
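
The setup described in the reply, sketched as an added example that is not part of the original thread: the quoted configuration plus a second server block that listens on port 80 and only redirects. The 301 status and the redirect target built from `$SERVER_NAME` and `$REQUEST_URI` are choices made for this example; the server name, macro and document root are the ones from the quoted file.

```conf
#
# Macros
#
ext_addr="egress"

#
# Servers
#

# Plain-HTTP listener (added for this example). It serves no content:
# every request is answered with a redirect to the https:// URL, so the
# browser reaches the TLS server where hsts is configured.
server "www.mydomain.org" {
	listen on $ext_addr port 80
	block return 301 "https://$SERVER_NAME$REQUEST_URI"
}

# TLS listener, unchanged from the quoted configuration.
server "www.mydomain.org" {
	listen on $ext_addr tls port 443

	hsts {
		subdomains
	}

	tls {
		ciphers "secure"
	}

	root "/htdocs/www.mydomain.org"
}
```

Without a listener on port 80 nothing accepts the http:// connection, which matches the ERR_CONNECTION_REFUSED reported above; browsers only record an HSTS policy from a response received over HTTPS, so the first visit still needs the redirect.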