Welcome! Log In Create A New Profile

Advanced

Re: Key pinning / Nginx reverse proxy

Previous Message Next Message
Forum List Message List New Topic Print View
A. Schulze
February 20, 2016 06:12AM
Thierry:

> Nginx: front end - reverse proxy
> Apache2: Back end - web server

hpkp is an header served to the client as response to an https request
I would add the Public-Key-Pins on the instance terminating the HTTPS request.

without rproxy I have this in /etc/nginx/sites-enabled/example.org

server {
listen *:443 ssl http2;
server_name example.org;
ssl_certificate /etc/ssl/example.org/cert+intermediate.pem;
ssl_certificate_key /etc/ssl/example.org/key.pem;
ssl_stapling_file /etc/ssl/example.org/ocsp.response;
add_header Public-Key-Pins "max-age=42424242;
pin-sha256=\"..pin1...\"; pin-sha256=\"..pin2...\";";
...
}

Andreas

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Key pinning / Nginx reverse proxy

Thierry February 20, 2016 12:44AM

Re: Key pinning / Nginx reverse proxy

A. Schulze February 20, 2016 06:12AM

Re: Key pinning / Nginx reverse proxy

Thierry February 21, 2016 03:24AM

Re: Key pinning / Nginx reverse proxy

Francis Daly February 21, 2016 03:40AM

Re: Key pinning / Nginx reverse proxy

Thierry February 21, 2016 04:24AM

Re: Key pinning / Nginx reverse proxy

Francis Daly February 21, 2016 04:52AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 158
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready