MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: Spacedust on 2021-06-15, 19:09:14

Title: How to add HSTS with preloading to Kloxo when using nginx
Post by: Spacedust on 2021-06-15, 19:09:14
1. Logon to Kloxo.

2. Choose Domains -> yourdomainname.com -> Web Features -> change exisiting HTTPS header to:

Code: [Select]
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always
click Update

3. Then Choose Domains -> yourdomainname.com -> Web Basics -> select Force Redirect 'domain.com' To 'www.domain.com'  and Force Redirect 'http' To 'https' then click Update.

4. Edit /opt/configs/nginx/conf/domains/yourdomainname.com and change line (only the first occurence, leave the second one untouched):
 
Change:

Code: [Select]
  if ($host ~* ^(yourdomainname.com)$) {
                rewrite ^/(.*) 'http://www.yourdomainname.com/$1' permanent;
        }

to

Code: [Select]
  if ($host ~* ^(yourdomainname.com)$) {
                rewrite ^/(.*) 'https://yourdomainname.com/$1' permanent;
        }

and save the file.

5. Restart nginx with:

Code: [Select]
service nginx restart
6. Go to: https://hstspreload.org/

Enter your domain and click the button under domain field.

7. Check both checkboxes "I am the site owner..." and "I understand that preloading...". and click "Submit..." button.