HTTP Strict Transport Security (HSTS)

[accuraz]

I'm trying to activate HTTP Strict Transport Security (HSTS) by following NGINX's official approach.

As I understand it, its a matter of adding a header directive into ssl server block.

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

I tried to add the directive in ssl server block sites-available/exemple.com.conf before and after root directory declaration and by comment it in nginx.conf

I also tried to not add header into exemple.com.conf and instead add it in nginx.conf.

None of that configuration will work.

Maybe someone here uses HSTS and successfully configured it.

Some help would be great.

Thank you per advance.

[mbomb007]

https://github.com/perusio/drupal-with-nginx/blob/D7/nginx.conf

You have to put it in nginx.conf (it's already in there, just uncomment it), and it must not be in your example.com.conf