Strict-Transport-Security" HTTP header is not set

Have some feedback, questions, suggestions, or just fancy a chat? Pop it in here.
eglider86
Posts: 30
Joined: Sat Mar 20, 2021 10:12 am

Re: Strict-Transport-Security" HTTP header is not set

Post by eglider86 »

Code: Select all

tcp     LISTEN   0        80             127.0.0.1:3306          0.0.0.0:*
tcp     LISTEN   0        511            127.0.0.1:6379          0.0.0.0:*
tcp     LISTEN   0        1024             0.0.0.0:80            0.0.0.0:*
tcp     LISTEN   0        1000             0.0.0.0:22            0.0.0.0:*
tcp     LISTEN   0        1024             0.0.0.0:443           0.0.0.0:*
tcp     LISTEN   0        511                [::1]:6379             [::]:*
tcp     LISTEN   0        1024                [::]:80               [::]:*
tcp     LISTEN   0        1000                [::]:22               [::]:*
eglider86
Posts: 30
Joined: Sat Mar 20, 2021 10:12 am

Re: Strict-Transport-Security" HTTP header is not set

Post by eglider86 »

yes i use letsencrypt. found that hsts, but after setting it to ON, it keeps falling back to OFF.
User avatar
Joulinar
Posts: 4536
Joined: Sat Nov 16, 2019 12:49 am

Re: Strict-Transport-Security" HTTP header is not set

Post by Joulinar »

the output doesn't seems to be complete as it's missing the information about the program using these ports. Usually it should looks like this

Code: Select all

root@DietPiProd:~# ss -tulpn | grep LISTEN
tcp     LISTEN   0        1000             0.0.0.0:22             0.0.0.0:*      users:(("dropbear",pid=706,fd=3))
tcp     LISTEN   0        256            127.0.0.1:5335           0.0.0.0:*      users:(("unbound",pid=527,fd=4))
tcp     LISTEN   0        4096             0.0.0.0:3000           0.0.0.0:*      users:(("docker-proxy",pid=1220,fd=4))
tcp     LISTEN   0        5              127.0.0.1:4711           0.0.0.0:*      users:(("pihole-FTL",pid=1858,fd=12))
tcp     LISTEN   0        5              127.0.0.1:6600           0.0.0.0:*      users:(("mpd",pid=847,fd=11))
tcp     LISTEN   0        4096             0.0.0.0:9002           0.0.0.0:*      users:(("docker-proxy",pid=1239,fd=4))
tcp     LISTEN   0        1024             0.0.0.0:80             0.0.0.0:*      users:(("lighttpd",pid=840,fd=4))
tcp     LISTEN   0        32               0.0.0.0:53             0.0.0.0:*      users:(("pihole-FTL",pid=1858,fd=7))
tcp     LISTEN   0        128              0.0.0.0:1333           0.0.0.0:*      users:(("mympd",pid=958,fd=3))
tcp     LISTEN   0        1000                [::]:22                [::]:*      users:(("dropbear",pid=706,fd=4))
tcp     LISTEN   0        4096                [::]:3000              [::]:*      users:(("docker-proxy",pid=1226,fd=4))
tcp     LISTEN   0        4096                [::]:9002              [::]:*      users:(("docker-proxy",pid=1247,fd=4))
tcp     LISTEN   0        1024                [::]:80                [::]:*      users:(("lighttpd",pid=840,fd=5))
tcp     LISTEN   0        32                  [::]:53                [::]:*      users:(("pihole-FTL",pid=1858,fd=9))
root@DietPiProd:~#
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
eglider86
Posts: 30
Joined: Sat Mar 20, 2021 10:12 am

Re: Strict-Transport-Security" HTTP header is not set

Post by eglider86 »

Code: Select all

tcp     LISTEN   0        50               0.0.0.0:445           0.0.0.0:*       users:(("smbd",pid=20382,fd=31))
tcp     LISTEN   0        80             127.0.0.1:3306          0.0.0.0:*       users:(("mysqld",pid=19558,fd=26))
tcp     LISTEN   0        50               0.0.0.0:139           0.0.0.0:*       users:(("smbd",pid=20382,fd=32))
tcp     LISTEN   0        511            127.0.0.1:6379          0.0.0.0:*       users:(("redis-server",pid=19486,fd=7))
tcp     LISTEN   0        1024             0.0.0.0:80            0.0.0.0:*       users:(("lighttpd",pid=19650,fd=4))
tcp     LISTEN   0        1000             0.0.0.0:22            0.0.0.0:*       users:(("dropbear",pid=426,fd=3))
tcp     LISTEN   0        1024             0.0.0.0:443           0.0.0.0:*       users:(("lighttpd",pid=19650,fd=6))
tcp     LISTEN   0        50                  [::]:445              [::]:*       users:(("smbd",pid=20382,fd=29))
tcp     LISTEN   0        511                [::1]:6379             [::]:*       users:(("redis-server",pid=19486,fd=8))
tcp     LISTEN   0        50                  [::]:139              [::]:*       users:(("smbd",pid=20382,fd=30))
tcp     LISTEN   0        1024                [::]:80               [::]:*       users:(("lighttpd",pid=19650,fd=5))
tcp     LISTEN   0        1000                [::]:22               [::]:*       users:(("dropbear",pid=426,fd=4))
User avatar
Joulinar
Posts: 4536
Joined: Sat Nov 16, 2019 12:49 am

Re: Strict-Transport-Security" HTTP header is not set

Post by Joulinar »

ok you are running lighttpd as web server. You could do following to have HSTS activated. Pls use user root

Code: Select all

cd /etc/lighttpd/conf-enabled
ln -s ../conf-available/98-dietpi-hsts.conf 98-dietpi-hsts.conf
service lighttpd force-reload
dietpi-services restart
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
eglider86
Posts: 30
Joined: Sat Mar 20, 2021 10:12 am

Re: Strict-Transport-Security" HTTP header is not set

Post by eglider86 »

ok thanks, i will follow your instructions and will report back
eglider86
Posts: 30
Joined: Sat Mar 20, 2021 10:12 am

Re: Strict-Transport-Security" HTTP header is not set

Post by eglider86 »

i have found an app to take care of it and it solved it. HSTS Header. Warning is gone.
Thank you
User avatar
Joulinar
Posts: 4536
Joined: Sat Nov 16, 2019 12:49 am

Re: Strict-Transport-Security" HTTP header is not set

Post by Joulinar »

maybe you like to share what you have done ;)
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
eglider86
Posts: 30
Joined: Sat Mar 20, 2021 10:12 am

Re: Strict-Transport-Security" HTTP header is not set

Post by eglider86 »

NC install in Apps at Tools section there is this app, i have downloaded and enabled.
User avatar
Joulinar
Posts: 4536
Joined: Sat Nov 16, 2019 12:49 am

Re: Strict-Transport-Security" HTTP header is not set

Post by Joulinar »

Maybe you like to share the name of this app?
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Post Reply