• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » Nginx IPv6 Reverse Proxy Configuration For HSTS Website

By Abhishek Ghosh November 22, 2016 8:53 am Updated on November 22, 2016

Nginx IPv6 Reverse Proxy Configuration For HSTS Website

Advertisement

In Previous Guide We Have Talked How To Add IPv6 to IPv4 Server With Nginx Reverse Proxy To Have IPv6 on IPv4 Only Hosts. In this Guide We Will Show the Nginx IPv6 Reverse Proxy Configuration For HSTS Website. Which is Slightly Different than Normal HTTPS Website. Improperly Configured Proxy Will Break HSTS Header By Repeating the Sequence. It is not only HSTS, but also HPKP and Alternate Protocol headers which gets affected.

nginx-ipv6-reverse-proxy-configuration-for-hsts-website

 

Nginx IPv6 Reverse Proxy Configuration For HSTS : Method 1

 

This is an example of header which we normally use for Nginx IPv6 reverse proxy :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
server {
       listen [::]:443 ssl http2;
       server_name thecustomizewindows.com;
...
# ssl directives here
...
       add_header Alternate-Protocol  443:npn-spdy/3;
       add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
       add_header Public-Key-Pins 'pin-sha256="snqzW9Bwdb/++vjcA36+kbP/qaVMmnB9ckuI3qAkihQ="; pin-sha256="BJKSF/6L2QXz4xK6MVj2RTiyPlFzQx3NcpuxnuqdABk="; report-uri="https://abhishekghosh.report-uri.io/r/default/csp/enforce"; max-age=5184000; includeSubDomains';
        location / {
                proxy_pass         https://thecustomizewindows.com:443; # live webiste on IPV4
                proxy_redirect     off;
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
       }
}

On online tools like SSL Labs Dev website, you’ll get the header response printed. First method is to add proxy_hide_header directive under location directive to prevent HSTS getting duplicated :

Advertisement

---

Vim
1
2
3
4
5
6
7
8
9
10
11
12
...
        location / {
                proxy_pass         https://thecustomizewindows.com:443;
                proxy_hide_header Strict-Transport-Security;
                proxy_hide_header Public-Key-Pins;
                proxy_hide_header Alternate-Protocol;
                proxy_redirect     off;
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
       }
...

However, this method is not preferred by us.

 

Nginx IPv6 Reverse Proxy Configuration For HSTS : Method 2

 

Basically if we omit the add_header Strict-Transport-Security like directives on reverse proxy server, second (read main IPv4 server) automatically will pass the HSTS header. Simply comment out them :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
server {
       listen [::]:443 ssl http2;
       server_name thecustomizewindows.com;
...
# ssl directives here
...
       #add_header Alternate-Protocol  443:npn-spdy/3;
       #add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
       #add_header Public-Key-Pins 'pin-sha256="snqzW9Bwdb/++vjcA36+kbP/qaVMmnB9ckuI3qAkihQ="; pin-sha256="BJKSF/6L2QXz4xK6MVj2RTiyPlFzQx3NcpuxnuqdABk="; report-uri="https://abhishekghosh.report-uri.io/r/default/csp/enforce"; max-age=5184000; includeSubDomains';
        location / {
                proxy_pass         https://thecustomizewindows.com:443; # live webiste on IPV4
                proxy_redirect     off;
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
       }
}

Now formally run config test and restart Nginx. Check SSL Grading on SSL Labs Tool. You can see our result here :

Vim
1
https://www.ssllabs.com/ssltest/analyze.html?d=thecustomizewindows.com

When your domain is HTTPS everywhere atlas listed, for wrong HSTS configuration, many things can go wrong, not only the grading by SSL Labs.

Tagged With hsts nginx ipv6 , hsts revcerse proxy , IPv6 hits proxy , nginx ipv6 x-real-ip , nginx proxy No HSTS header is present on the response , nginx reverse proxy configuration

This Article Has Been Shared 375 Times!

Facebook Twitter Pinterest
Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to Nginx IPv6 Reverse Proxy Configuration For HSTS Website

  • WordPress Multisite on Nginx on Ubuntu 14.04 on HP Cloud

    Here is a Step by Step Guide on Setting Up WordPress Multisite on Nginx on Ubuntu 14.04 on HP Cloud with All Commands and the Configuration.

  • Upgrading Ubuntu 14.04 to Latest Nginx to Support HTTP2

    Here Are Steps For Upgrading Ubuntu 14.04 to Latest Nginx to Support HTTP2 With Troubleshooting Error. Nginx Has No Support For this Upgrade.

  • Upgrade Ubuntu Server 14.04 to 16.04 With Live WordPress

    Here Are the Detailed Steps on How To Upgrade Ubuntu Server 14.04 to 16.04 With Live WordPress With Kernel Upgrade, Debug & Fixes For Nginx.

  • How To Configure Nginx Access Log With GeoIP (Ubuntu 16.04)

    Here is How To Configure Nginx Access Log With GeoIP on Ubuntu 16.04. Usage Commands Also Shown. Access Log is Powerful & Configurable Tool.

  • How To Generate Let’s Encrypt ECC SSL (ECDSA) Certificate

    Few Costly Paid SSL Have Support For ECC. Let’s Encrypt Supports For Free. Here is How To Generate Let’s Encrypt ECC SSL (ECDSA) Certificate.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (22.1K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • How Artificial Intelligence (AI) Is Changing The Way We Play Bingo May 16, 2022
  • Why You Need A Big Data Consultant May 15, 2022
  • The Connection Between AI And Online Slots May 13, 2022
  • How To Choose Your Niche As An Instagram Influencer May 12, 2022
  • How to Choose a Powerful Domain Name for Your New Venture May 12, 2022

About This Article

Cite this article as: Abhishek Ghosh, "Nginx IPv6 Reverse Proxy Configuration For HSTS Website," in The Customize Windows, November 22, 2016, May 16, 2022, https://thecustomizewindows.com/2016/11/nginx-ipv6-reverse-proxy-configuration-for-hsts-website/.

Source:The Customize Windows, JiMA.in

This website uses cookies. If you do not want to allow us to use cookies and/or non-personalized Ads, kindly clear browser cookies after closing this webpage.

Read Privacy Policy.

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2022 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy