Adding HSTS header in the NGINX based App Service
Published Oct 31 2022 12:23 AM 1,325 Views
Microsoft

Azure App Service on Linux images using PHP 8.x are now bundled with NGINX instead of Apache. The use of .htaccess files will not work for NGINX as these are used for Apache only. This will require the need to setup a custom startup script and modifying the existing NGINX site configuration.

 

karthi2210_0-1667197218802.png

 

Navigate to your App Service via the Azure Portal. Under the Development Tools section, select SSH then Go -->.

Modifying the default site config

You will want to make a copy of the existing configuration and place the file inside the /home/site directory.

 

cp /etc/nginx/sites-available/default /home/site/default

Once you created a default page as in the previous step, please update the location block to add HSTS Header and create the custom startup script as mentioned below

  

location / {           

index  index.php index.html index.htm hostingstart.html;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

}

Creating the custom startup script

You will now need to create a custom startup script and save the file as /home/site/startup.sh

#!/bin/bash

cp /home/site/default /etc/nginx/sites-available/default
service nginx reload

In the custom startup script, we are doing the following:

  1. Overriding the existing /etc/nginx/sites-available/default file with the /home/site/default file.
  2. Reloading the NGINX service to make the updates take effect.

Updating the application settings

Navigate back to your App Service via the Azure Portal. Under the Settings section, select Configuration.

Go over to the General Settings section of the Configuration blade.

For the Startup Command enter the following: /home/site/startup.sh

Save these settings and navigate to your application https://{sitename}.azurewebsites.net/

 

Please refer to the document https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/

Co-Authors
Version history
Last update:
‎Oct 30 2022 11:35 PM
Updated by: