7a35901cc92ebfd0d82e120949e2b5bc10f26c16
services/Distributed-Wiki.md
| ... | ... | @@ -47,10 +47,10 @@ A custom header `X-SiteID` identifies the site you're connecting to: |
| 47 | 47 | openssl rsa -in wiki.key -outform der -pubout | openssl dgst -sha256 -binary | openssl enc -base64 |
| 48 | 48 | ``` |
| 49 | 49 | |
| 50 | - - Configure Nginx to send the fingerprint in header: |
|
| 50 | + - Configure Nginx to send the fingerprint in header (SSL block): |
|
| 51 | 51 | |
| 52 | 52 | ``` |
| 53 | -add_header Public-Key-Pins pin-sha256="<primary>"; pin-sha256="<backup>"; max-age=0; includeSubDomains'; |
|
| 53 | +add_header Public-Key-Pins pin-sha256="<primary>"; pin-sha256="<backup>"; max-age=5184000; includeSubDomains'; |
|
| 54 | 54 | ``` |
| 55 | 55 | |
| 56 | 56 | + `<primary>` - the fingerprint extracted from `wiki.key` |
| ... | ... | @@ -108,8 +108,8 @@ server { |
| 108 | 108 | ssl_certificate <path>/ssl.crt; |
| 109 | 109 | ssl_certificate_key <path>/ssl.key; |
| 110 | 110 | |
| 111 | - add_header strict-transport-security "max-age=0; includeSubDomains"; |
|
| 112 | - add_header Public-Key-Pins 'pin-sha256="<primary-pin>";pin-sha256="<backup-pin>"; max-age=0; includeSubDomains'; |
|
| 111 | + add_header strict-transport-security "max-age=5184000; includeSubDomains"; |
|
| 112 | + add_header Public-Key-Pins 'pin-sha256="<primary-pin>";pin-sha256="<backup-pin>"; max-age=5184000; includeSubDomains'; |
|
| 113 | 113 | add_header X-SiteID '<aut-num>-<cc>'; |
| 114 | 114 | |
| 115 | 115 | location / { |