HSTS in either nginx or Traefik? #270
Assignees
Labels
Comments
|
Seems like we'll have to do that |
|
Agree with Nigel. Seems related to the TLS ticket in Isle-dc (Islandora-Devops/isle-dc#263). I've done some initial testing with min TLS 1.2 and HSTS enabled (Qualys SSL Labs A+ rating). Also, I'm using image tag: |
|
Closing this as solved in isle-dc |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@nigelgbanks @jefferya Would either of both of you be game to try something here or Nigel perhaps include this with the upcoming release?
Have been testing sites on ssllabs and finding while we can get an "A rating" for the most part, it would be "nice to have" the possible
A+One way that might be helpful is to use HSTS headers in traefik?
As an example, when using
nginx, one would add a header to ngnix's config or domain conf / profile.server { listen 443 ssl; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;The challenge I believe with nginx is that ISLE doesn't listen on port 443 or use ssl in the backend (right?) so perhaps instead we could review the following for
traefik?Here are a couple of sources, I've dug up so far but am not totally clear on how to implement.
This is very explicit and I think is what we want.
This is helpful for review but I'm not sure if covers everything in our setup. https://stackoverflow.com/questions/58266122/how-to-use-sts-headers-with-traefik-when-using-docker/58266123#58266123
Saving everyone a possible trip to the traefik official docs which don't seem to have anything other than a sparse Security Headers section with no explicit label
My main concern is the impact to the backend nginx / drupal service.
The text was updated successfully, but these errors were encountered: