I've got same experience with Laravel framework. They have another configuration to set header like that.
What web apps framework do you use? On Sunday, February 8, 2015, deltaxfx <[email protected]> wrote: > I have a domain setup with SSL and I am trying to get HSTS headers working. > I have done this in NGINX before with no problem. On this new domain I > can't > seem to get HSTS working properly. Not sure what I am doing wrong. > I have the following in the server block for the SSL server: > add_header Strict-Transport-Security "max-age=31536000;"; > > When I run "curl -s -D- https://my.domain.net/ | grep Strict" > I receive the following: > Strict-Transport-Security: max-age=0 > Strict-Transport-Security: max-age=31536000; > > From all the reading I've done trying to figure this out, my impression is > that with the add_header in the server directive, that will override any > previous declaration (there are none). Is that correct? > I grep'ed my entire /etc directory and there is only one instance of > "max-age" and that is in my ssl server config, with one year (31536000 > seconds). So no where on this system, which was just built, and only > accessed by me, is there any reference to HSTS with max-age=0. There is > only > one config in sites-enabled, and that is for my.domain.net. There is a > port > 80 config with a return 301 statement to permanently redirect to the SSL > server config. > > My nginx version is 1.6.2, on Ubuntu 14.04 LTS. > I have been unable to find any help on the web for where the invalid > (max-age=0) could be coming from. When testing on ssllabs they report the > max-age=0 header. When running the curl statement above on my local network > I show the above output. > > I'm not sure where to go from here trying to figure this out. There is > nothing in the NGINX error log, I wouldn't expect anything as NGINX > restarts > with no issues. > > Thanks for reading! > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,256508,256508#msg-256508 > > _______________________________________________ > nginx mailing list > [email protected] <javascript:;> > http://mailman.nginx.org/mailman/listinfo/nginx > -- Sent from iDewangga Device
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
