Changes

From SME Server
Jump to navigationJump to search
1,802 bytes removed ,  16:53, 24 March 2016
m
→‎Strict Transport Security: Linked to new wiki page describing HSTS and HPKP
Line 125: Line 125:  
  The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds.
 
  The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds.
   −
A resolution for this was presented in forum thread [http://forums.contribs.org/index.php/topic,51916.0.html owncloud 8.1,1, Strict-Transport-Security and SME 9], in which mmccarn suggested a couple of minor changes that handle the task nicely.
+
HTTP Strict Transport Security can be enabled as described at [[HSTS and HPKP]].
 
  −
The first step is to verify that the Apache headers module is loaded. You can look in the file httpd.conf for "LoadModule headers_module modules/mod_headers.so". Also, Xavier.A offered the command,
  −
 
  −
apachectl -t -D DUMP_MODULES 2>&1 | grep header
  −
 
  −
as a way to check for the module. The command returns "headers_module (shared)" if the header module is loaded.
  −
 
  −
Next, create a custom template to add the header directive. The template content shown here adds the directive to all virtual hosts (aka iBays). The custom template is placed in /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/. Name the template file "04StrictTransportSecurity". This important as the file name also dictates the order of loading. Put the following directive in the file:
  −
 
  −
### added to support ownCloud 8 ###
  −
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
  −
 
  −
{{Note box|You may test this approach by modifying the httpd.conf file directly, and adding the directive in the ServerAlias section. However, this will be overwritten when the server is updated or reconfigured.}}
  −
 
  −
With the template in place, upgrade and reboot the system.
  −
 
  −
signal-event post-upgrade; signal-event reboot;
  −
 
  −
When the system is up and running again, check the ownCloud admin panel to verify the warning no longer appears.
  −
 
  −
=====Further Reading=====
  −
The French Wikipedia page, [https://fr.wikipedia.org/wiki/HTTP_Strict_Transport_Security HTTP Strict Transport Security] provides a good description. The English page is not as detailed, unfortunately, but there are handy page translation tools availalble on the web.
      
====Fail2Ban====
 
====Fail2Ban====
147

edits

Navigation menu