aaPanel forces HSTS on domains which makes them inaccessible without a valid SSL certificate. How can you disable this?

Where can I edit the HSTS parameters? When you set FORCE HTTPS to domains it adds this value in the headers. You should consider removing the preload tag. It makes your website inaccessible without a valid SSL certificate. And that's not good for testing purposes because you need to put down and rebuild a site several times. @aaPanel_Jose @aaPanel_Captain @aapanel_power ![

deewinc Currently we have no relevant settings, you need to manually modify the configuration file Nginx： Apache: Not set by default In addition, the perload parameter is not added by default

[unknown] u are realy mytherfucker human

aaPanel forces HSTS on domains

deewinc

Thanks for that. But I'm not the one who added it. Any domain or subdomain that I add it appears by default

deewinc

aaPanel_Jose @aapanel_sniper

I have realized that it's added when you request for SSL.

Any domains without an SSL don't have the security headers.

Please fix it and remove "preload" on HSTS

x3inspire

aaPanel_Jose

Which line need to added if using Litespeed?

aaPanel_Kern

x3inspire
Hello, add the following to the configuration file of the website and restart OLS: Please backup before modifying

context / {
allowBrowse 1
extraHeaders Strict-Transport-Security "max-age=31536000; includeSubDomains;preload"
rewrite {
}
addDefaultCharset off
phpIniOverride {
}
}

shahinsafari

aaPanel_Kern Hello, whatever I do, it doesn't get disabled. I also removed the HSTS code. Do you suggest that the problem might be due to nginx 1.22?
I have Debian 11

shahinsafari

aaPanel_Kern
Please tell me if it's not adjustable so I can stop doing the various settings because I'm confused

I saw that you asked someone before
Did you activate web speed? Yes, I activated it and then deleted web speed

Content-Type: text/html; charset=UTF-8
Connection: close
X-Redirect-By: WordPress
Location: https://domain.com/
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
X-Cache: HIT From domain.com
Cache-Control: max-age=0
Nginx-Cache: HIT
Last-Modified: Monday, 15-Jan-2024 16:18:15 GMT
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

aaPanel_Kern

Hello, you need to test this yourself. Do you use incognito mode to access? Do you want to restart nginx after modifying the configuration?

shahinsafari

aaPanel_Kern 1- no 2- yes

See, I removed it from this section, but it does not apply
add_header Strict-Transport-Security "max-age=63072000;";

shahinsafari

aaPanel_Kern
Hello, I thank God
My problem is solved

See, I deleted the site without deleting the database and root, I rebuilt the site, but I did not do this from the Wordpress deploy section, is there a problem?

2- Could I do the same thing I did using the Wordpress deploy method?

shahinsafari

aaPanel_Kern
@aaP_syedsabahathussain
kern I found a dear friend HSTS off

shahinsafari

@aaPanel_Kern
I also put it with the Wordpress deploy method, thank you

Put the possibility of deleting and editing in the aapanel forum so that when the problem is solved, we will delete the article so that it does not take up your time

aaP_syedsabahathussain

shahinsafari
how your problem solved please guide

aaP_syedsabahathussain

aaP_syedsabahathussain @aaPanel_Kern

aaP_syedsabahathussain

shahinsafari

aaP_syedsabahathussain
Hello, what is your problem, please explain?

I think your ssl is not active

aaP_syedsabahathussain

shahinsafari
SSL is Properly working

shahinsafari

aaP_syedsabahathussain
Hello, sorry, I replied late, my server exploded 🤣

Your site may not be redirected correctly

or ssl is not activated correctly, re-enable the ssl certificate

shahinsafari

aaP_syedsabahathussain I found a dear friend