V2: SSLlab test A+ rating

Hi there. Using v1 with the instructions in here: “Anyone archived A+ rating on SSL Labs?”, I was getting the A+ rating. Now with V2 I got only A: from the test’s log the problem seems to be “Strict Transport Security (HSTS) Invalid Server provided more than one HSTS header”. Here’s my Caddyfile:

mydomain.com {
   header {
      Strict-Transport-Security max-age=31536000;
   }
   reverse_proxy /* 192.168.1.2:443 {
      transport http {
         tls
         tls_insecure_skip_verify
      }
   }
}

Any clue?

Your backend at 192.168.1.2:443 is probably also setting that header, and you’re setting it with your header directive, so there are two of them.
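A way to confirm the duplicate from the client side, as an added example that is not part of the original thread: the check below audits a response's header list for more than one HSTS header and a usable max-age. The sample headers are constructed, and `parse_hsts` and `audit_hsts` are hypothetical helper names.

```python
import re

# Constructed sample: headers as a client would see them when both the proxy
# and the backend add HSTS (values are illustrative, not from the thread).
SAMPLE_DUPLICATE = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000;"),
    ("strict-transport-security", "max-age=15768000; includeSubDomains"),
]
SAMPLE_SINGLE = SAMPLE_DUPLICATE[:2]


def parse_hsts(value):
    """Split one HSTS header value into a {directive: value-or-None} dict."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';' as in the Caddyfile above
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def audit_hsts(headers):
    """Return (ok, findings) for a list of (name, value) response headers."""
    # Header names are case-insensitive, so compare in lower case.
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    findings = []
    if not values:
        return False, ["no Strict-Transport-Security header"]
    if len(values) > 1:
        findings.append(f"{len(values)} HSTS headers; expected exactly one")
    # RFC 6797 section 8.1: a client processes only the first header field.
    max_age = parse_hsts(values[0]).get("max-age")
    if max_age is None or not re.fullmatch(r"\d+", max_age):
        findings.append("first header has no valid max-age")
    elif int(max_age) == 0:
        findings.append("max-age=0 tells clients to drop the HSTS policy")
    return not findings, findings
```

The header list can come from any HTTP client that preserves repeated headers, for example `http.client.HTTPResponse.getheaders()`.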

You are right. I’ve removed it and now I got A+. Is it possible to put this header directive under the reverse_proxy? I mean, this config works too just for the reverse proxy, right?

mydomain.com {
   reverse_proxy /* 192.168.1.2:443 {
      header {
         Strict-Transport-Security max-age=31536000;
      }
      transport http {
         tls
         tls_insecure_skip_verify
      }
   }
}

No, you can see the syntax of the reverse_proxy directive in the docs: reverse_proxy (Caddyfile directive) — Caddy Documentation
