HSTS (HTTP Strict Transport Security) is a feature supported by all major browsers, and it’s a method for websites to declare that they should ONLY be accessed securely over HTTPS and never over an unencrypted HTTP connection. If a site has an HSTS policy, browsers will refuse all insecure connections to that site AND prevent users from accepting insecure SSL certificates. This, however, can come with certain risks to availability if not implemented correctly, as you will read later…Read More
We know our browsers support it, and we know AWS, Akamai, and other big players support it within their infrastructure already…but do your applications and/or on-prem infrastructure have what it takes to leverage the awesomeness that is HTTP/2?
Think about it. We went from HTTP/0.9, to HTTP/1.0, to HTTP/1.1…to a full version upgrade of HTTP/2. That alone should tell you that there are some very interesting features lurking underneath the hood. This is the missing in-depth summary that you have been missing while being overloaded with too much information reading official specs and getting lost in sensory-overload-causing diagrams. Welcome to HTTP/2 – the missing summary.Read More
This may sound stupid, but at a low level, it’s often something that remains unknown to many in the IT industry — even seasoned professionals.
At the highest level, DNS is the basic protocol that maps hostnames to IP addresses. But there’s a whole lot more going on behind the scenes…Read More
You are running Nginx as a webserver or reverse proxy, where you will be terminating SSL.
You are looking for the following functionality:
http://domain.com => https://www.domain.com
https://domain.com => https://www.domain.com
http://www.domain.com => https://www.domain.com
https://www.domain.com => https://www.domain.com