mod_strict_https

Introduction

This module implements RFC 6797: HTTP Strict Transport Security and responds to all non-HTTPS requests with a 301 Moved Permanently redirect to the HTTPS equivalent of the path.

Configuration

Add the module to the modules_enabled list and optionally configure the specific header sent.

modules_enabled = {
  ...
      "strict_https";
}
hsts_header = "max-age=31556952"

If the redirect from http:// to https:// causes trouble with internal use of HTTP APIs it can be disabled:

hsts_redirect = false

Compatibility

trunk Should work
0.12 Should work
0.11 Should work

Installation

With the plugin installer in Prosody 0.12 you can use:

sudo prosodyctl install --server=https://modules.prosody.im/rocks/ mod_strict_https

For earlier versions see the documentation for installing 3rd party modules