mod_strict_https

Introduction

This module implements HTTP Strict Transport Security and responds to all non-HTTPS requests with a 301 Moved Permanently redirect to the HTTPS equivalent of the path.

Configuration

Add the module to the modules_enabled list and optionally configure the specific header sent.

modules_enabled = {
  ...
      "strict_https";
}
hsts_header = "max-age=31556952"

Compatibility

trunk Works
0.9 Works
0.8 Doesn’t work

Installation

With the plugin installer in Prosody 0.12 you can use:

sudo prosodyctl install https://modules.prosody.im/rocks/mod_strict_https-2-1.src.rock

For other see the documentation for installing 3rd party modules