Archive > 21.7 Legacy Series

Enable HSTS on Nginx Reverse Proxy

(1/1)

HunvHunv:
Hi,

I am trying to enable HSTS for the Reverse Proxy using the nginx plugin.
I saw the documentation over here: https://docs.opnsense.org/manual/how-tos/nginx_header_hardening.html
It states "If you set a setting here, it will override what the webserver sets. You can inject this security setting into a location or HTTP server."

I configured a security header and set a timeout as well enabled the subdomain checkbox. (like in the screenshot of documentation).

I can find this setting in the HTTP server setting dialog combobox "Security header" but not in the location one were I think the combobox is called "Custom Security Policy".

The reason I want to config it in "location" is, that it does not work if I configure it in "HTTP server". I also don't see this in the nginx.conf at /usr/local/etc/nginx for my upstream server.

Any ideas what is wrong on my side or what I am actually doing wrong?

fabian:
You may have missed to reload the server.

RamSense:
I just added a security header in nginx, did reload the sever and it works. So I think that reload should work for you HunvHunv.

Navigation

[0] Message Index