Cloudron Forum


HSTS Preload

    girish
    Staff
    wrote on last edited by
    #2

    The requirements are here https://hstspreload.org/ .

    I think instead of making something generic, we can possibly just add a checkbox, say "Enable HSTS Preload" or something.

      Jan Macenka
      wrote on last edited by Jan Macenka
      #3

      @girish any news on this? As in Europe we currently have this ongoing war between Ukraine and Russia with a high amount of cyber-attacks in circulation, it would be great to bump up the available security measures as much as possible 😉

      If you would be going to create a tunable security-setting here, it would also be really great if you could give the option to select which TLS-Versions should be supported and maybe set a sensible default to support 1.1, 1.2 and 1.3.

      Also, do you know if Cloudron uses a version of NGINX that already supports the QUIC protocol rather than TCP to transport HTTP?

      Would also be glad to lend a hand if you need support with getting this to work.

        m-si
        wrote on last edited by
        #4

        @girish I would love to have this feature as well. Especially as without it, it's impossible to register the domain at https://hstspreload.org ... as you said.

          girish
          Staff
          wrote on last edited by
          #5

          This is implemented now. Will be available in 7.4.

            nichu42
            wrote on last edited by
            #6

            @girish said in HSTS Preload:

            This is implemented now. Will be available in 7.4.

            I have just upgraded to 7.4, enabled HSTS for my Mastodon instance on blueplanet.social and tried to submit the address to hstspreload.org, but it reports:

            Error: Multiple HSTS headers
            Response error: Multiple HSTS headers (number of HSTS headers: 3).
            

            Matrix: @nichu42:blueplanet.social

              girish
              Staff
              wrote on last edited by
              #7

              @nichu42 I cannot reproduce this locally, but I do see multiple HSTS headers on your website. Investigating...

                girish
                Staff
                wrote on last edited by
                #8

                The header is coming from somewhere else. Only the last line is generated by Cloudron. We don't have any code to generate the other two lines. So maybe this comes from Mastodon itself.

                < strict-transport-security: max-age=63072000; includeSubDomains
                < x-cached: MISS
                < strict-transport-security: max-age=31536000
                < strict-transport-security: max-age=63072000; includeSubDomains; preload
                
                1 Reply Last reply
                0
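
Added example (not from the thread or from Cloudron's code): a Python check of a response's HSTS headers against the header requirements listed at hstspreload.org, using the header lines quoted in the post above as constructed sample input. The function names are hypothetical; the check also applies the RFC 6797 rule that a browser processes only the first HSTS header, so the `preload` directive on the last line would not take effect.

```python
MIN_PRELOAD_MAX_AGE = 31536000  # one year, the minimum hstspreload.org accepts
# Constructed sample: the response header lines quoted in the thread.
SAMPLE = """\
< strict-transport-security: max-age=63072000; includeSubDomains
< x-cached: MISS
< strict-transport-security: max-age=31536000
< strict-transport-security: max-age=63072000; includeSubDomains; preload
"""

def hsts_values(raw):
    """Return every Strict-Transport-Security value, in response order."""
    values = []
    for line in raw.splitlines():
        line = line.lstrip("< ").strip()  # tolerate curl -v style prefixes
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(value.strip())
    return values

def parse_policy(value):
    """Parse one header value into max_age / include_subdomains / preload."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        key, _, arg = directive.strip().partition("=")
        key, arg = key.strip().lower(), arg.strip().strip('"')
        if key == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif key == "includesubdomains":
            policy["include_subdomains"] = True
        elif key == "preload":
            policy["preload"] = True
    return policy

def preload_problems(raw):
    """List the reasons a response would fail the preload header checks."""
    values = hsts_values(raw)
    if not values:
        return ["no HSTS header"]
    problems = []
    if len(values) > 1:
        problems.append(f"multiple HSTS headers ({len(values)})")
    # RFC 6797 section 8.1: only the first header is processed by a browser.
    effective = parse_policy(values[0])
    if (effective["max_age"] or 0) < MIN_PRELOAD_MAX_AGE:
        problems.append("max-age below 31536000")
    if not effective["include_subdomains"]:
        problems.append("includeSubDomains missing")
    if not effective["preload"]:
        problems.append("preload missing")
    return problems
```
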
                  girish
                  Staff
                  wrote on last edited by
                  #9

                  @nichu42 ah, this is the same as https://github.com/mastodon/mastodon/issues/17083

                    nichu42
                    wrote on last edited by
                    #10

                    @girish said in HSTS Preload:

                    @nichu42 ah, this is the same as https://github.com/mastodon/mastodon/issues/17083

                    Ah, thanks. So we have Mastodon + Ruby + Cloudron. Is there a way to get rid of the others and thus only have Cloudron set the header?

                    Matrix: @nichu42:blueplanet.social

                      girish
                      Staff
                      wrote on last edited by
                      #11

                      @nichu42 yes, am working on a fix.

                        girish
                        Staff
                        wrote on last edited by
                        #12

                        Fixed in 7.4.1 - https://git.cloudron.io/cloudron/box/-/commit/cc811522e0a629dae894bbb5d0573f3c0f2bad0a
