Two factor authentication with YubiKey

Two factor authentication with OTP – as provided by YubiKey – makes you sleep well at night again. I recently figured that these substantially increase your password security – with what you know and what you have. They are very easy integrated into PAM – and the good news is […]


Enabling HSTS on nginx II

I have to add a correction to my previous article “Enabling HSTS on nginx“: You can and should enable it on http as well, so that visitors of your website offer from this additional security benefit as well – when they come back.


Nginx + IPv6: “98: Address already in use”

If you get this message, you have to change your “listen” statement from listen 94.229.77.82:80; listen [2a01:348:226:dead:beef:dead:beef:dead]:80; to listen 94.229.77.82:443; listen [2a01:348:226:dead:beef:dead:beef:dead]:443 ipv6only=on; For some add reason the first statement (without “ipv6only”) was working for me for some time… odd.


Enabling HSTS on nginx

If you want to enable HSTS on your nginx webserver, this is how you do it: add_header Strict-Transport-Security “max-age=315360000; includeSubdomains”; You need to put this only on the https server, not on the http only server – it wont work on http only.