Nginx
Nday001, 2020-06-26 19:54:55

How to enable HSTS only for standard web ports (80;443)?

There is a local network. There is a router on the border between the local network and the Internet (aka NAT, a typical scheme). There is an example.com domain.
Nginx is hosted on the local network, and ports 80;443 are translated (forwarded) to it. The website is hosted on nginx, with the redirect to https enabled and HSTS enabled.
There is also an Apache httpd web server on the local network, which hosts a service website, it is accessible from the Internet on a non-standard port 8080 using the HTTP protocol.

The problem is that after visiting the httpS://example.com:443 website, the example.com:8080 website becomes unavailable. The browser tries to establish an https connection because it remembered the HSTS policy for example.com. Access to ip address xxxx:8080 works without any complaints.

Question: is it possible to set the HSTS policy only for standard ports (80; 443) in the nginx config, so that when accessed via 8080, the browser does not try to switch to https?

P.S. There is no need to move Apache to https, and from a security point of view, distributing the private key to another machine lowers security. Also, access to the service website on port 8080 is limited by the firewall of the border router, and I don't want to proxy it through nginx at all (and it doesn't work on a non-standard URI).


3 answer(s)
Lynn "Coffee Man", 2020-06-27
@Nday001

No way. HSTS is, by definition, tied to a domain.

Andrey Gavrilov, 2020-06-26
@thexaver

Port 80 definitely not, because it is not an SSL port; HSTS is remembered for the entire domain if there is a subdomain.

ky0, 2020-06-26
@ky0

Non-standard ports for HTTP are a crutch. To be honest, I would just move the service site to another domain and set up a similar redirect to HTTPS.
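
Why the browser behaves as described in the question, shown as an added example that is not part of the original thread: a minimal JavaScript model of a browser HSTS store following RFC 6797, where the policy is keyed by host name only and an upgraded URL keeps its explicit port. The class and function names and the address 203.0.113.10 are constructed for illustration.

```javascript
// Minimal model of a browser HSTS store per RFC 6797 (constructed example).
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
}

class HstsStore {
  constructor() {
    this.hosts = new Map(); // host name -> { expires, includeSubDomains }
  }

  // Record a Strict-Transport-Security header seen on a response from `url`.
  // The policy is keyed by host name alone; the response's port is not stored.
  noteHeader(url, value, now = Date.now()) {
    const u = new URL(url);
    if (u.protocol !== "https:" || isIpLiteral(u.hostname)) return false;
    const parts = value.split(";").map((d) => d.trim().toLowerCase());
    const maxAge = parts.find((d) => d.startsWith("max-age="));
    const seconds = maxAge ? parseInt(maxAge.slice(8).replace(/"/g, ""), 10) : NaN;
    if (Number.isNaN(seconds)) return false;
    if (seconds === 0) { this.hosts.delete(u.hostname); return true; }
    this.hosts.set(u.hostname, {
      expires: now + seconds * 1000,
      includeSubDomains: parts.includes("includesubdomains"),
    });
    return true;
  }

  // Exact host match, or a parent domain whose policy has includeSubDomains.
  isKnownHost(host, now = Date.now()) {
    if (isIpLiteral(host)) return false; // IP addresses never match a policy
    const labels = host.split(".");
    return labels.some((_, i) => {
      const p = this.hosts.get(labels.slice(i).join("."));
      return Boolean(p) && p.expires > now && (i === 0 || p.includeSubDomains);
    });
  }

  // The URL the browser actually requests for a typed or linked `url`.
  rewrite(url, now = Date.now()) {
    const u = new URL(url);
    if (u.protocol === "http:" && this.isKnownHost(u.hostname, now)) {
      u.protocol = "https:"; // an explicit port such as 8080 is kept as-is
    }
    return u.href;
  }
}

const store = new HstsStore();
store.noteHeader("https://example.com/", "max-age=31536000");
console.log(store.rewrite("http://example.com:8080/"));  // same host: upgraded
console.log(store.rewrite("http://203.0.113.10:8080/")); // IP address: untouched
```

A separate host name escapes the policy only when it is not covered by an `includeSubDomains` policy on a parent domain, which the `isKnownHost` check models.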
