Pull request 181: 2998-hsts
Squashed commit of the following:

commit 33f2a2f08b43dfe700703ad65e3d7a5b29bea309
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date: Wed Aug 30 18:50:06 2023 +0300

    Encryption: imp hsts doc

commit 2d5f3155eb2d55a5654e3ba45872152175cedf76
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date: Wed Aug 30 18:38:42 2023 +0300

    Configuration: HSTS
parent b3490ee566
commit b0627444f0
|
@ -651,6 +651,9 @@ Settings are stored in [YAML format](https://en.wikipedia.org/wiki/YAML), possib
|
|||
|
||||
Must match one of the DNS Names in the certificate.
|
||||
- `force_https`: If `true`, force HTTP-to-HTTPS redirect.
|
||||
|
||||
**Since v0.107.37,** this setting also sets the
|
||||
[`Strict-Transport-Security`][hsts] header.
|
||||
- `port_https`: The HTTPS port. Used for both web UI and DNS-over-HTTPS. If
|
||||
`0`, HTTPS is disabled.
|
||||
- `port_dns_over_tls`: The DNS-over-TLS port. If `0`, DNS-over-TLS is
|
||||
|
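Review bot: the new sentence under `force_https` says the setting "also sets the `Strict-Transport-Security` header" but does not state which value is sent (`max-age`, `includeSubDomains`), so a reader cannot tell how long browsers will keep the host pinned to HTTPS or whether subdomains are covered. Suggest documenting the exact header value here and adding one sentence that browsers cache the policy for the `max-age` period, so setting `force_https` back to `false` does not immediately restore plain-HTTP access for clients that have already received the header.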
@ -718,13 +721,14 @@ Settings are stored in [YAML format](https://en.wikipedia.org/wiki/YAML), possib
|
|||
|
||||
Removing an entry from settings file will reset it to the default value. Deleting the file will reset all settings to the default values.
|
||||
|
||||
[DDR]: https://www.ietf.org/archive/id/draft-ietf-add-ddr-06.html
|
||||
[DHCP]: https://github.com/AdguardTeam/AdGuardHome/wiki/DHCP
|
||||
[DNSCrypt]: https://github.com/AdguardTeam/AdGuardHome/wiki/DNSCrypt
|
||||
[docker-conf]: https://github.com/AdguardTeam/AdGuardHome/wiki/Docker#configuration
|
||||
[`dnscrypt`]: https://github.com/ameshkov/dnscrypt
|
||||
[DDR]: https://www.ietf.org/archive/id/draft-ietf-add-ddr-06.html
|
||||
[tls-names]: https://pkg.go.dev/crypto/tls#pkg-constants
|
||||
[docker-conf]: https://github.com/AdguardTeam/AdGuardHome/wiki/Docker#configuration
|
||||
[hsts]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
|
||||
[rfc6147]: https://datatracker.ietf.org/doc/html/rfc6147
|
||||
[tls-names]: https://pkg.go.dev/crypto/tls#pkg-constants
|
||||
|
||||
|
||||
|
||||
|
|
|
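Review bot: the added `[hsts]` definition links to MDN, while the neighbouring `[rfc6147]` definition links to the IETF datatracker. Since this reference backs a security-relevant setting, consider pointing it at RFC 6797, or adding an `[rfc6797]` definition beside it, so the normative text is one click away. The re-sorting of `[DDR]`, `[docker-conf]` and `[tls-names]` in the same hunk is unrelated to HSTS and would be easier to review on its own.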
@ -217,13 +217,14 @@ Other HTTP headers may be supported by AdGuard Home in the future. However, any
|
|||
headers-related feature requests should first be tried to be resolved by
|
||||
configuring the reverse proxy itself.
|
||||
|
||||
For example, to implement the [HTTP Strict Transport Security][hsts] mechanism,
|
||||
something like the following piece of configuration might be used:
|
||||
For example, to modify the [HTTP Strict Transport Security][hsts] mechanism to
|
||||
include the experimental `preload` directive, something like the following piece
|
||||
of configuration might be used:
|
||||
|
||||
```nginx
|
||||
location /dns-query {
|
||||
# …
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
||||
# …
|
||||
}
|
||||
```
|
||||
|
|
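Review bot: the example line `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;` adds a header at the proxy, but nginx's `add_header` does not replace a header of the same name coming from the upstream. With the wording changed from "implement" to "modify", the text implies AdGuard Home already emits the header, so the client can end up with two `Strict-Transport-Security` fields, and RFC 6797 tells user agents to process only the first one. Suggest adding `proxy_hide_header Strict-Transport-Security;` to the example, or stating that the backend's header must be turned off. The paragraph should also say that `preload` together with `includeSubDomains` commits the whole domain and its subdomains to HTTPS and is slow to undo once a browser preload list has picked it up, and that a header set inside `location /dns-query` only covers that path.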