Here’s how you can add HTTP Strict Transport Security (HSTS) to your Plesk Panel.
This only applies to Plesk 11.5.30 and Plesk 12.0.18, older versions used lighttpd.
Locate the file and edit with your favourite editor…
1 |
/etc/sw-cp-server/conf.d/plesk.conf |
And add the normal Nginx HSTS directive under the certificate entries like so…
1 2 3 |
ssl_certificate /opt/psa/admin/conf/httpsd.pem; ssl_certificate_key /opt/psa/admin/conf/httpsd.pem; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; |
Save the file and restart the Plesk server…
1 |
service sw-cp-server restart |
Now you have Strict Transport Security on your panel.
I will show you how to add OCSP to your Plesk Panel later in the week.
To add HSTS to domains hosted on Plesk, see Secure Redirect in Plesk