[tor-commits] [flashproxy/master] turn hsts on with header on Apache.
dcf at torproject.org
dcf at torproject.org
Sun May 19 01:53:38 UTC 2013
commit 0c79f86414e147b3ebd16d47f8da579be36ba56b
Author: Eduardo Stalinho <eduardooc.86 at gmail.com>
Date: Thu May 9 04:56:36 2013 -0300
turn hsts on with header on Apache.
---
doc/facilitator-howto.txt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/doc/facilitator-howto.txt b/doc/facilitator-howto.txt
index 53cc897..1945a17 100644
--- a/doc/facilitator-howto.txt
+++ b/doc/facilitator-howto.txt
@@ -126,7 +126,7 @@ It also installs System V init files to /etc/init.d/.
Apache is the web server that runs the CGI program.
# apt-get install apache2 libapache2-mod-evasive
- # a2enmod ssl
+ # a2enmod ssl headers
Edit /etc/apache2/ports.conf and comment out the port 80 configuration.
@@ -146,6 +146,7 @@ these contents:
SSLEngine on
SSLCertificateFile /etc/apache2/fp-facilitator.pem
SSLCertificateChainFile /etc/apache2/intermediate.pem
+ Header add Strict-Transport-Security "max-age=15768000"
</VirtualHost>
intermediate.pem is a possible intermediate certificate file provided by
the CA; if you did not get one, then leave off the
More information about the tor-commits
mailing list