Hi Carlin,

On Thu, Oct 1, 2015 at 4:53 PM, Carlin Bingham <c...@viennan.net> wrote:

> On Fri, 2 Oct 2015, at 03:37 AM, Pablo Méndez Hernández wrote:
> > Hi misc@,
> >
> > I'm trying to configure HSTS for my personal domain to no avail.
> >
> > According to my understanding of httpd.conf, you'd only need to include the
> > 'hsts' keyword in the tls part of the configuration with no need to
> > redirect to https in the http case, but my configuration doesn't seem to
> > work.
>
> No, you still need to create a virtual host that listens on port 80 and
> does a redirect to https.
>

Thanks! As suggested by you, if I add this:

server "www.mydomain.org" {
        listen on $ext_addr port 80
        block return 301 "https://$SERVER_NAME"
}

it works, but in that case I don't see the point of configuring HSTS if we
are forcing the redirect... :/

Kind regards.

> > My configuration is as follows:
> >
> > $ cat /etc/httpd.conf
> > #
> > # Macros
> > #
> > ext_addr="egress"
> >
> > #
> > # Servers
> > #
> >
> > # A name-based "virtual" server
> > server "www.mydomain.org" {
> >         listen on $ext_addr tls port 443
> >
> >         hsts {
> >                 subdomains
> >         }
> >
> >         tls {
> >                 ciphers "secure"
> >         }
> >
> >         root "/htdocs/www.mydomain.org"
> > }
> >
> > With this configuration, whenever I try to connect using http://, Chrome
> > fails with ERR_CONNECTION_REFUSED
> >
> >
> > Thanks in advance.
> >
> > --
> >
> > Pablo Méndez Hernández
>

--
Pablo Méndez Hernández