Fossil SCM
Linked the new TLS + nginx guide to an nginx blog on enabling HSTS.
Commit
30d577a7958e27d4167dc53ab76e56d03aef4fdd075904cd7cc9b65a2712e040
Parent
43166dcda39e8f5…
1 file changed
+3
-1
| --- www/tls-nginx.md | ||
| +++ www/tls-nginx.md | ||
| @@ -336,11 +336,12 @@ | ||
| 336 | 336 | permanent redirect is intercepted, allowing the attacker to prevent the |
| 337 | 337 | automatic upgrade of the connection to a secure TLS-encrypted one. I |
| 338 | 338 | didn’t enable that in the configuration above, because it is something a |
| 339 | 339 | site administrator should enable only after the configuration is tested |
| 340 | 340 | and stable, and then only after due consideration. There are ways to |
| 341 | -lock your users out of your site by jumping to HSTS hastily. | |
| 341 | +lock your users out of your site by jumping to HSTS hastily. When you’re | |
| 342 | +ready, there are [guides you can follow][nest] elsewhere online. | |
| 342 | 343 | |
| 343 | 344 | |
| 344 | 345 | ### HTTP-Only Service |
| 345 | 346 | |
| 346 | 347 | While we’d prefer not to offer HTTP service at all, we need to do so for |
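Review bot: The added sentence at new lines 341-342 says "guides" but links a single target, `[nest]`, and the link text does not say where it leads. Since the sentence before it warns that a hasty move to HSTS can lock users out, consider naming the destination (the nginx blog post on HSTS) in the link text and adding one clause on what to weigh first, for example that browsers remember the policy for the advertised `max-age`, so a short value is the safer first step.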
| @@ -582,9 +583,10 @@ | ||
| 582 | 583 | [cbnu]: https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx |
| 583 | 584 | [fd]: https://fossil-scm.org/forum/forumpost/ae6a4ee157 |
| 584 | 585 | [hsts]: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security |
| 585 | 586 | [lja]: https://en.wikipedia.org/wiki/Logjam_(computer_security) |
| 586 | 587 | [mitm]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack |
| 588 | +[nest]: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/ | |
| 587 | 589 | [ocsp]: https://en.wikipedia.org/wiki/OCSP_stapling |
| 588 | 590 | [qslt]: https://www.ssllabs.com/ssltest/ |
| 589 | 591 | [scgi]: https://en.wikipedia.org/wiki/Simple_Common_Gateway_Interface |
| 590 | 592 | [vps]: https://en.wikipedia.org/wiki/Virtual_private_server |
| 591 | 593 |
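Review bot: The new `[nest]` label at new line 588 sits close to `[hsts]` in the reference list but gives no hint that it is the HSTS how-to; a label that ties it to HSTS and nginx would be easier to find when the list is next edited. The target is a vendor blog URL, which tends to move over time, so it is worth rechecking this link whenever the document is revised.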
| --- www/tls-nginx.md | |
| +++ www/tls-nginx.md | |
| @@ -336,11 +336,12 @@ | |
| 336 | permanent redirect is intercepted, allowing the attacker to prevent the |
| 337 | automatic upgrade of the connection to a secure TLS-encrypted one. I |
| 338 | didn’t enable that in the configuration above, because it is something a |
| 339 | site administrator should enable only after the configuration is tested |
| 340 | and stable, and then only after due consideration. There are ways to |
| 341 | lock your users out of your site by jumping to HSTS hastily. |
| 342 | |
| 343 | |
| 344 | ### HTTP-Only Service |
| 345 | |
| 346 | While we’d prefer not to offer HTTP service at all, we need to do so for |
| @@ -582,9 +583,10 @@ | |
| 582 | [cbnu]: https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx |
| 583 | [fd]: https://fossil-scm.org/forum/forumpost/ae6a4ee157 |
| 584 | [hsts]: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security |
| 585 | [lja]: https://en.wikipedia.org/wiki/Logjam_(computer_security) |
| 586 | [mitm]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack |
| 587 | [ocsp]: https://en.wikipedia.org/wiki/OCSP_stapling |
| 588 | [qslt]: https://www.ssllabs.com/ssltest/ |
| 589 | [scgi]: https://en.wikipedia.org/wiki/Simple_Common_Gateway_Interface |
| 590 | [vps]: https://en.wikipedia.org/wiki/Virtual_private_server |
| 591 |
| --- www/tls-nginx.md | |
| +++ www/tls-nginx.md | |
| @@ -336,11 +336,12 @@ | |
| 336 | permanent redirect is intercepted, allowing the attacker to prevent the |
| 337 | automatic upgrade of the connection to a secure TLS-encrypted one. I |
| 338 | didn’t enable that in the configuration above, because it is something a |
| 339 | site administrator should enable only after the configuration is tested |
| 340 | and stable, and then only after due consideration. There are ways to |
| 341 | lock your users out of your site by jumping to HSTS hastily. When you’re |
| 342 | ready, there are [guides you can follow][nest] elsewhere online. |
| 343 | |
| 344 | |
| 345 | ### HTTP-Only Service |
| 346 | |
| 347 | While we’d prefer not to offer HTTP service at all, we need to do so for |
| @@ -582,9 +583,10 @@ | |
| 583 | [cbnu]: https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx |
| 584 | [fd]: https://fossil-scm.org/forum/forumpost/ae6a4ee157 |
| 585 | [hsts]: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security |
| 586 | [lja]: https://en.wikipedia.org/wiki/Logjam_(computer_security) |
| 587 | [mitm]: https://en.wikipedia.org/wiki/Man-in-the-middle_attack |
| 588 | [nest]: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/ |
| 589 | [ocsp]: https://en.wikipedia.org/wiki/OCSP_stapling |
| 590 | [qslt]: https://www.ssllabs.com/ssltest/ |
| 591 | [scgi]: https://en.wikipedia.org/wiki/Simple_Common_Gateway_Interface |
| 592 | [vps]: https://en.wikipedia.org/wiki/Virtual_private_server |
| 593 |