Key pinning / Nginx reverse proxy

Thierry lenaigst at maelenn.org
Sun Feb 21 08:22:31 UTC 2016


Dear Andreas,

Thx for your help, but I still do have the same problem.

Public Key Pinning (HPKP)       No

I don't know what to do anymore ...

Thierry



On Saturday, 20 February 2016 at 13:10:16, you wrote:


> Thierry:

>> Nginx: front end - reverse proxy
>> Apache2: Back end - web server

> hpkp is a header served to the client as a response to an https request
> I would add the Public-Key-Pins on the instance terminating the HTTPS request.

> without rproxy I have this in /etc/nginx/sites-enabled/example.org

> server {
>      listen                      *:443 ssl http2;
>      server_name                 example.org;
>      ssl_certificate             /etc/ssl/example.org/cert+intermediate.pem;
>      ssl_certificate_key         /etc/ssl/example.org/key.pem;
>      ssl_stapling_file           /etc/ssl/example.org/ocsp.response;
>      add_header                  Public-Key-Pins "max-age=42424242; pin-sha256=\"..pin1...\"; pin-sha256=\"..pin2...\";";
>      ...
> }

> Andreas

> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



-- 
Best regards,
 Thierry                            e-mail : lenaigst at maelenn.org
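
Added example, not part of the original thread and not nginx code: a check of a Public-Key-Pins header value against the basic RFC 7469 requirements (a max-age directive and at least two distinct pins, each a base64 SHA-256 digest), run over the header from the quoted config. The names check_hpkp and spki_pin are hypothetical, and the byte strings standing in for public keys are constructed.

```python
import base64
import binascii
import hashlib
import re


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def check_hpkp(value: str) -> list:
    """Return the problems found in a Public-Key-Pins header value."""
    problems, pins, saw_max_age = [], [], False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age":
            saw_max_age = True
            if not re.fullmatch(r"[0-9]+", arg):
                problems.append("max-age is not a non-negative integer")
        elif name == "pin-sha256":
            try:
                digest = base64.b64decode(arg, validate=True)
            except (binascii.Error, ValueError):
                digest = b""
            if len(digest) == 32:
                pins.append(arg)
            else:
                problems.append(f"pin {arg!r} is not a base64 SHA-256 digest")
    if not saw_max_age:
        problems.append("max-age directive is missing")
    # Without the served chain we can only check that a second, distinct pin exists.
    if len(set(pins)) < 2:
        problems.append("fewer than two distinct valid pins (no backup pin)")
    return problems


# Header value exactly as written in the quoted config, placeholders included.
PAGE_HEADER = 'max-age=42424242; pin-sha256="..pin1..."; pin-sha256="..pin2...";'
# Constructed stand-ins for two DER-encoded public keys (not real keys).
GOOD_HEADER = 'max-age=42424242; pin-sha256="%s"; pin-sha256="%s";' % (
    spki_pin(b"constructed primary SPKI"), spki_pin(b"constructed backup SPKI"))

if __name__ == "__main__":
    for header in (PAGE_HEADER, GOOD_HEADER):
        print(check_hpkp(header) or "OK")
```

The placeholder pins from the quoted config are reported as invalid, so they have to be replaced with real digests of the served key and of a backup key before the header can be honoured.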


