Hi Carlin,

On Thu, Oct 1, 2015 at 4:53 PM, Carlin Bingham <c...@viennan.net> wrote:

> On Fri, 2 Oct 2015, at 03:37 AM, Pablo Méndez Hernández wrote:
> > Hi misc@,
> >
> > I'm trying to configure HSTS for my personal domain to no avail.
> >
> > According to my understanding of httpd.conf, you'd only need to include the
> > 'hsts' keyword in the tls part of the configuration with no need to
> > redirect to https in the http case, but my configuration doesn't seem to
> > work.
>
> No, you still need to create a virtual host that listens on port 80 and
> does a redirect to https.
>

Thanks!

As suggested by you, if I add this:

server "www.mydomain.org" {
        listen on $ext_addr port 80

        block return 301 "https://$SERVER_NAME";
}

it works, but in that case I don't see the point of configuring HSTS if we
are forcing the redirect... :/


Kind regards.

>
> > My configuration is as follows:
> >
> > $ cat /etc/httpd.conf
> > #
> > # Macros
> > #
> > ext_addr="egress"
> >
> > #
> > # Servers
> > #
> >
> > # A name-based "virtual" server
> > server "www.mydomain.org" {
> >         listen on $ext_addr tls port 443
> >
> >         hsts {
> >                 subdomains
> >         }
> >
> >         tls {
> >                 ciphers "secure"
> >         }
> >
> >         root "/htdocs/www.mydomain.org"
> > }
> >
> > With this configuration, whenever I try to connect using http://, Chrome
> > fails with ERR_CONNECTION_REFUSED
> >
> >
> > Thanks in advance.
> >
> > --
> >
> > Pablo Méndez Hernández
> >
>



--

Pablo Méndez Hernández
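
Added example, not part of the original message: a small Python model of how a browser's HSTS host list (RFC 6797) behaves for the setup discussed in this thread, with a port-80 redirect plus `hsts { subdomains }` on the TLS server. The class and function names are hypothetical, the header value is constructed and assumes a one-year max-age, and URLs with explicit ports are not handled.

```python
from urllib.parse import urlsplit

class HSTSStore:
    """Minimal model of a browser's known-HSTS-host list (RFC 6797)."""

    def __init__(self):
        self._hosts = {}  # host -> (expiry_time, include_subdomains)

    def note_response(self, url, headers, now):
        parts = urlsplit(url)
        value = headers.get("Strict-Transport-Security")
        # The header is honoured only when received over secure transport.
        if parts.scheme != "https" or value is None:
            return
        max_age, subs = None, False
        for directive in value.split(";"):
            name, _, arg = directive.strip().partition("=")
            if name.lower() == "max-age":
                max_age = int(arg.strip('"'))
            elif name.lower() == "includesubdomains":
                subs = True
        if max_age is None:
            return  # max-age is mandatory; ignore a header without it
        if max_age == 0:
            self._hosts.pop(parts.hostname, None)  # policy withdrawn
        else:
            self._hosts[parts.hostname] = (now + max_age, subs)

    def is_known(self, host, now):
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            # Exact match always counts; a parent only with includeSubDomains.
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def rewrite(self, url, now):
        """Return the URL the browser actually requests."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname, now):
            return parts._replace(scheme="https").geturl()
        return url

def simulate():
    store, host = HSTSStore(), "www.mydomain.org"
    hsts = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}  # constructed
    first = store.rewrite(f"http://{host}/", 0)         # first visit: nothing stored yet
    store.note_response(first, hsts, 0)                 # header over http is ignored
    after_http = store.is_known(host, 0)
    store.note_response(f"https://{host}/", hsts, 0)    # response after following the 301
    later = store.rewrite(f"http://{host}/login", 60)
    sub = store.rewrite(f"http://mail.{host}/", 60)
    expired = store.rewrite(f"http://{host}/", 31536001)
    return first, after_http, later, sub, expired
```

In this model the first http:// visit is sent as-is and relies on the port-80 redirect to reach https; once the header has been received over https, later http:// URLs for the host and its subdomains are rewritten inside the browser until max-age runs out.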
