Hello @virtubox,
to add the HSTS header to the Nginx additional configuration, would it not be OK to add it just like this?
add_header Strict-Transport-Security max-age=61536000;
Just saw that you add it at the beginning like more_set_headers , is there a difference?
Thx
Sally
@Sally1
The more_set_headers is not part of the original Nginx source code, it is a directive belonging to the ngx_headers_more module from OpenResty.
A good and detailed explanation with respect to this OpenResty module can be found on GitHub.
The main difference is that the ngx_headers_more module is a bit more flexible and/or that it contains more options than the modules shipped with Nginx.
Please note that
- OpenResty is essentially a re-invention of and (in most cases, but not all cases) an improvement of Nginx : it is built on Nginx, consisting of additions to Nginx,
- OpenResty contains a whole lot of "loose ends", even though the quality in general is excellent : alignment of Nginx and OpenResty is not always certain,
- Plesk is using default Nginx : adding non-native Nginx code could be and/or become problematic.
I highly recommend sticking to the basic Nginx, as shipped with Plesk - even though shortcomings thereof are present.
Anyway, it is not at all problematic to use the native Nginx add_header directives - but beware of specific HSTS (HTTP Strict Transport Security) pitfalls : activation of HSTS and/or changes in Nginx config might lead to unexpected results that cannot be undone easily : please test your (new) Nginx config on a development server first!
Hope the above helps a bit.
Kind regards........
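
The difference between the two directives discussed in this thread, as an added configuration sketch that is not from either poster. The server name, certificate paths, the /downloads/ location and the short max-age are placeholders chosen for a test setup.

```nginx
# Added example for a development server; all names and paths are placeholders.
server {
    listen 443 ssl;
    server_name example.test;
    ssl_certificate     /etc/ssl/example.test.crt;   # placeholder path
    ssl_certificate_key /etc/ssl/example.test.key;   # placeholder path

    # Native directive. Without "always", nginx adds the header only to
    # 200, 201, 204, 206, 301, 302, 303, 304, 307 and 308 responses,
    # so error pages would be sent without HSTS.
    # A short max-age (here 5 minutes) limits the damage while testing:
    # browsers cache the policy for max-age seconds, and rolling back the
    # config does not clear what they have already stored.
    add_header Strict-Transport-Security "max-age=300" always;

    location /downloads/ {
        # add_header is inherited from the server level only when the
        # location defines no add_header of its own. This location sets
        # another header, so HSTS has to be repeated here or it is lost.
        add_header X-Content-Type-Options "nosniff" always;
        add_header Strict-Transport-Security "max-age=300" always;
    }

    # ngx_headers_more equivalent (works only if that module is loaded):
    # it applies to every status code by default and replaces an existing
    # header of the same name instead of emitting a second one.
    # more_set_headers "Strict-Transport-Security: max-age=300";
}
```

Run `nginx -t` before reloading. To withdraw a policy that browsers have already cached, the site has to keep serving HTTPS and send the header with max-age=0.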