Post by JezzaOz » Tue Jun 27, 2017 12:54 pm

I have a set up an instance of opencart using nginix as server with Comodo SSL certificates. Using the same nginx configuration, if I set the web root to a 'benign' hello-world index.html then I get an 'A+' SSL Check from ssllabs. In particular that means nginx is issuing a strict transport security header HSTS.

If I change the web root to the opencart root directory the SSL check reverts to only an 'A' and the HSTS header is no longer being issued.

I am running PHP Version 5.6.30-0+deb8u1 on nginx version 1.6.2 and opencart is Version 2.3.0.3_rc with no modifications.

It appears that php or opencart is somehow disabling the HSTS header configured in nginx. I'd like to ensure it's issued, so any assistance appreciated.

Newbie

Posts

Joined
Tue Jun 27, 2017 12:26 pm
Who is online

Users browsing this forum: No registered users and 155 guests