Apache設定HSTS
1. 開啟apache headers模組
1 | sudo a2enmod headers |
2. 重新啟動apache server
1 | sudo service apache2 restart |
3. 設定/etc/apache2/conf-available/security.conf,加上 header 設定
1 | Header always set Strict-Transport-Security "max-age=31536000;includeSubdomains; preload" |
4. 重新載入設定
1 | sudo service apache2 reload |