I have successfully set up shiny proxy, and am using Nginx for https as recommend in the documentation. Everything is going great except that despite having added Strict Transport headers, when the website is scanned it is still showing that it does not have strict transport security headers. This i my ngnix.conf file- can anyone point out what I might be doing wrong?
server {
listen 80;
server_name mydomain;
rewrite ^(.*) https://$server_name$1 permanent;
}
server {
listen 443;
server_name mydomain;
add_header Strict-Transport-Security “max-age=31536000; includeSubDomains” always;
access_log /var/log/nginx/shinyproxy.access.log;
error_log /var/log/nginx/shinyproxy.error.log error;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate mycertificate
ssl_certificate_key pathtomy . key
ssl_dhparam /etc/ssl/certs/dhparam.pem;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 600s;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
}