[Linux] HSTS (HTTP Strict Transport Security) Configuration
Redirect HTTP connections to HTTPS
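Apache configuration
<VirtualHost *:80>
    ServerName example.com
    # Requires mod_rewrite: send every plain-HTTP request to the same host and path over HTTPS
    RewriteEngine on
    RewriteCond %{HTTPS} !on
    # R=301 makes the redirect permanent (a bare R sends a 302)
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>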
NGINX configuration
server {
    listen 80;
    server_name example.com;
    # Permanent redirect to HTTPS, keeping the requested host and URI
    return 301 https://$http_host$request_uri;
}
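HSTS configuration
- To use HSTS, set the "Strict-Transport-Security" HTTP response header.
max-age : how long the policy applies, in seconds
includeSubdomains : also applies the policy to subdomains
preload : requests inclusion in the client (browser) preload list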
Apache configuration
<VirtualHost example.com:443>
    # Requires mod_headers; "always" also sets the header on error responses
    Header always set Strict-Transport-Security "max-age=86400; includeSubdomains; preload"
</VirtualHost>
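NGINX configuration
server {
    # "ssl" is required to serve TLS on this port (certificate directives omitted here)
    listen 443 ssl;
    server_name example.com;
    # "always" also adds the header to error responses
    add_header Strict-Transport-Security "max-age=86400; includeSubdomains; preload" always;
}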
How to verify that HSTS is enabled
Check in the Chrome browser
chrome://net-internals/#hsts
- domain1.co.kr
- domain2.co.kr
Check the HSTS header with cURL
curl -s -D- https://domain.com/ | grep -i Strict
$ curl -s -D- https://sangchul.kr/ | grep -i Strict
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
$ curl --head https://sangchul.kr
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 29 Sep 2020 02:09:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Link: <https://sangchul.kr/index.php?rest_route=/>; rel="https://api.w.org/"
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Public-Key-Pins: max-age=31536000;
pin-sha256="O2ELvEUIPxmsA7vJAbZxoiABBkonE3U+INXiuRkWTu4=";
pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=";
pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=";
pin-sha256="T3QGJPkeB/a0wqVRQLP1AMsOTOxc8OJOR6nczDNd7H4=";
includeSubDomains
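
The header check above can be taken one step further. As an added example (not part of the original post), this POSIX shell function parses a Strict-Transport-Security value and flags a preload directive that does not meet the hstspreload.org submission requirements (max-age of at least 31536000 seconds plus includeSubDomains); hsts_audit and PRELOAD_MIN_AGE are hypothetical names.

```sh
#!/bin/sh
# Added example, not from the original post: audit a Strict-Transport-Security
# header value. Directive parsing follows RFC 6797; the one-year minimum for
# "preload" is the hstspreload.org submission requirement.

PRELOAD_MIN_AGE=31536000   # one year, in seconds

# hsts_audit "<header value>"  (hypothetical helper name)
# Prints one verdict line. Exit status: 0 = OK, 1 = weak or disabled, 2 = invalid.
# The body is a subshell "( )", so IFS, set -f and variables do not leak out.
hsts_audit() (
  seen=0; max_age=""; subs=0; preload=0
  # Directive names are case-insensitive; drop whitespace and optional quotes.
  norm=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' \t"')
  IFS=';'; set -f
  for d in $norm; do
    case $d in
      max-age=*)         seen=1; max_age=${d#max-age=} ;;
      includesubdomains) subs=1 ;;
      preload)           preload=1 ;;
    esac
  done
  if [ "$seen" -eq 0 ]; then
    echo "INVALID: max-age directive is required"; exit 2
  fi
  case $max_age in
    ''|*[!0-9]*) echo "INVALID: max-age must be a non-negative integer"; exit 2 ;;
  esac
  if [ "$max_age" -eq 0 ]; then
    echo "DISABLED: max-age=0 makes browsers drop the HSTS policy"; exit 1
  fi
  if [ "$preload" -eq 1 ] && [ "$max_age" -lt "$PRELOAD_MIN_AGE" ]; then
    echo "WARN: preload set but max-age=$max_age is below $PRELOAD_MIN_AGE"; exit 1
  fi
  if [ "$preload" -eq 1 ] && [ "$subs" -eq 0 ]; then
    echo "WARN: preload set without includeSubDomains"; exit 1
  fi
  echo "OK: max-age=$max_age includeSubDomains=$subs preload=$preload"
)

# Header values taken from this page: the configuration example, then the curl output.
hsts_audit "max-age=86400; includeSubdomains; preload" || true
hsts_audit "max-age=63072000; includeSubdomains; preload" || true
```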
HTTP Strict Transport Security
RFC: RFC6797 (HTTP Strict Transport Security (HSTS))