
mod_strict_https/README.markdown @ 5467:1c78a97a1091

mod_http_oauth2: Add a special "xmpp" scope that grants the users' default role

This will be the first step towards defining a standard set of XMPP scopes. "xmpp" behaves as an alias for the user's default role, so that the client does not need to know about the various prosody:* roles.
author Kim Alvefur <zash@zash.se>
date Wed, 17 May 2023 19:40:27 +0200
parent 5415:f8797e3284ff
---
summary: HTTP Strict Transport Security
---

# Introduction

This module implements [RFC 6797: HTTP Strict Transport Security] and
responds to all non-HTTPS requests with a `301 Moved Permanently`
redirect to the HTTPS equivalent of the path.

# Configuration

Add the module to the `modules_enabled` list and optionally configure
the specific header sent.

``` lua
modules_enabled = {
  ...
  "strict_https";
}
hsts_header = "max-age=31556952"
```

If the redirect from `http://` to `https://` causes trouble with
internal use of HTTP APIs it can be disabled:

``` lua
hsts_redirect = false
```
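
A way to check a deployment against the two behaviours configured above, as an added example that is not part of the module or its README: it parses the `Strict-Transport-Security` value per RFC 6797 and verifies that a plain-HTTP reply is a 301 to the same host, path and query over HTTPS. The hostname, ports, paths, sample responses and the `min_age` threshold are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

def parse_hsts(value):                       # RFC 6797 section 6.1 grammar
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue                         # empty directives are permitted
        if name in directives:
            raise ValueError(f"directive repeated: {name}")
        directives[name] = arg.strip().strip('"')   # value may be a quoted-string
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        raise ValueError("max-age missing or not a non-negative integer")
    directives["max-age"] = int(directives["max-age"])
    return directives

def check_redirect(request_url, status, location):
    # True only for a 301 to the same host, path and query over HTTPS.
    req, loc = urlsplit(request_url), urlsplit(location or "")
    return (status == 301 and loc.scheme == "https" and loc.hostname == req.hostname
            and (loc.path, loc.query) == (req.path, req.query))

def audit(responses, min_age=15768000):      # min_age: assumed local policy floor
    findings = []
    for url, status, headers in responses:
        h = {k.lower(): v for k, v in headers.items()}
        if urlsplit(url).scheme == "http":   # HSTS over plain HTTP is ignored by clients
            if not check_redirect(url, status, h.get("location")):
                findings.append((url, "no 301 redirect to the HTTPS equivalent"))
            continue
        try:
            policy = parse_hsts(h.get("strict-transport-security", ""))
        except ValueError as err:
            findings.append((url, f"invalid HSTS header: {err}"))
            continue
        if policy["max-age"] < min_age:
            findings.append((url, f"max-age {policy['max-age']} below {min_age}"))
    return findings

SAMPLES = [  # constructed responses; hostname, ports and paths are made up
    ("http://xmpp.example:5280/upload/a?x=1", 301,
     {"Location": "https://xmpp.example:5281/upload/a?x=1"}),
    ("http://xmpp.example:5280/status", 200, {}),
    ("https://xmpp.example:5281/status", 200,
     {"Strict-Transport-Security": "max-age=31556952"}),
    ("https://xmpp.example:5281/old", 200,
     {"Strict-Transport-Security": "max-age=300; max-age=600"}),
]
```

`audit(SAMPLES)` reports the unredirected plain-HTTP reply and the header with a repeated `max-age`; with `hsts_redirect = false` the first kind of finding is expected on the internal endpoints that needed the exception.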

# Compatibility

  ------- -------------
  trunk   Should work
  0.12    Should work
  0.11    Should work
  ------- -------------