On Thu, Dec 26, 2019 at 07:19:59PM +0100, Hermann-Josef Wehner wrote: > Dear pound - Users, > > I don't know, if I am using pound correctly, but in our environment, we > set headers in the backends. > > So, in a config-file for apache we have a stanza like this: > > > <VirtualHost *:443> > > ServerName my.server.com > > > > > > Header always set Strict-Transport-Security "max-age=31536000; > > includeSubDomains" > > > etc......
In my case, the backend is not running Apache. It's running software that I didn't write, in a language I don't know (ruby), using a custom port, and it's doing its own port-listening and request-responding. The underlying software doesn't even support HTTPS, let alone HSTS, and I'm trying to get Pound to wrap HTTPS around it. I'm about 85% of the way there, which is probably good enough, but it feels like HSTS (if I can turn it on) might be the missing key. --hymie! -- pound mailing list pound@apsis.ch https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch