Key pinning / Nginx reverse proxy
Thierry
lenaigst at maelenn.org
Sun Feb 21 08:22:31 UTC 2016
Dear Andreas,
Thx for your help, but I still do have the same problem.
Public Key Pinning (HPKP) No
I don't know what to do anymore ...
Thierry
Le samedi 20 février 2016 à 13:10:16, vous écriviez :
> Thierry:
>> Nginx: front end - reverse proxy
>> Apache2: Back end - web server
> hpkp is an header served to the client as response to an https request
> I would add the Public-Key-Pins on the instance terminating the HTTPS request.
> without rproxy I have this in /etc/nginx/sites-enabled/example.org
> server {
> listen *:443 ssl http2;
> server_name example.org;
> ssl_certificate
> /etc/ssl/example.org/cert+intermediate.pem;
> ssl_certificate_key /etc/ssl/example.org/key.pem;
> ssl_stapling_file /etc/ssl/example.org/ocsp.response;
> add_header Public-Key-Pins "max-age=42424242;
> pin-sha256=\"..pin1...\"; pin-sha256=\"..pin2...\";";
> ...
> }
> Andreas
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
--
Cordialement,
Thierry e-mail : lenaigst at maelenn.org
More information about the nginx
mailing list