nginx,

Add HSTS in Nginx

Mar 28, 2022 · 1 min read · Post a comment
Add HSTS in Nginx

Increasing the website performance and decreasing the server load can be achieved by HSTS. Enabling the HSTS security headers in Nginx will tell the browser to use https instead of http. So let’s see how to enable it.

Prerequisites

  • Nginx

Solution

Step 1. Open the nginx virtual host config file. I’m gonna do it for hsts.devcoops.com.conf.

...
# Security Headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
...

Step 2. Save it and check the Nginx config.

nginx -v

Step 3. If there are no errors reload the nginx config.

systemctl reload nginx

Step 4. To check if the HSTS is enabled, run:

curl -s -D- https://hsts.devcoops.com | grep -i Strict

Conclusion

Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.