Add Strict Transport Security (HSTS) to Plesk Panel

[Lloyd_mcse]

I have tried this on Plesk 11.5 and Plesk 12.0.10 Preview running on Ubuntu 12.04.4 LTS...

Locate the file

/etc/sw-cp-server/conf.d/plesk.conf

And add the normal Nginx HSTS directive under the certificate entries like so..

ssl_certificate /opt/psa/admin/conf/httpsd.pem;
ssl_certificate_key /opt/psa/admin/conf/httpsd.pem;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

Save the file and restart the Plesk server..

service sw-cp-server restart

Now you have Strict Transport Security on your panel.

Perhaps someone from Parallels can confirm when and if this file gets overwritten?

Anyway I hope it helps someone else.
Kind regards

Lloyd

 

[IgorG]

This config file will be overwritten only during Plesk upgrade. Therefore you need to modify this file after upgrade again.

 

[Lloyd_mcse]

Lovely, thanks Igor
I'll keep an eye on it.

For anyone else interested in having HSTS built in to Plesk there is a feature request at uservoice

 

[KamalG]

I have voted for the feature request.