Although HTTP Strict Transport Security (HSTS) allows you to have reasonable certainty that your connection to Chocolatey Central Management is not intercepted, we recommend that you do not connect your Chocolatey Central Management server directly to the internet.
Chocolatey Central Management is hosted by IIS and makes use of the features IIS provides. Below is some general information about how to enable HSTS with both IIS and a reverse proxy.
Enabling HSTS Within IIS
If you are running IIS 10.0 version 1709 or later, you can enable HSTS using the documentation and samples provided by Microsoft. If you are on newer versions of IIS, you may have access to enabling HSTS within the IIS Management Console; steps to enable it this way are below.
Open the IIS Management Console.
In the Connection pane, expand the server and then Sites to select ChocolateyCentralManagement.
On the right, select HSTS under Configure in the Actions pane.
While HSTS is available natively within IIS 10.0 version 1709, it is possible to use it with IIS prior to this version.
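The same site-level setting can be scripted with the IISAdministration PowerShell module on IIS 10.0 version 1709 or later. This is an added example, not taken from the Chocolatey documentation; the site name comes from the steps above, and the one-year max-age and the helper name Get-HstsElement are assumptions.

```powershell
# Added example: enable HSTS on the CCM site, then read the setting back.
# Run from an elevated PowerShell session on the IIS server.
Import-Module IISAdministration

$siteName = 'ChocolateyCentralManagement'   # site name from the steps above
$maxAge   = 31536000                        # assumed value: one year, in seconds

# Hypothetical helper: returns the <hsts> element of the named site.
function Get-HstsElement {
    param([string]$Name)
    $sites = Get-IISConfigSection -SectionPath 'system.applicationHost/sites' |
        Get-IISConfigCollection
    $site = Get-IISConfigCollectionElement -ConfigCollection $sites `
        -ConfigAttribute @{ name = $Name }
    if (-not $site) { throw "IIS site '$Name' was not found." }
    Get-IISConfigElement -ConfigElement $site -ChildElementName 'hsts'
}

Reset-IISServerManager -Confirm:$false
Start-IISCommitDelay                        # batch the changes into one commit
try {
    $hsts = Get-HstsElement -Name $siteName
    Set-IISConfigAttributeValue -ConfigElement $hsts -AttributeName 'enabled' -AttributeValue $true
    Set-IISConfigAttributeValue -ConfigElement $hsts -AttributeName 'max-age' -AttributeValue $maxAge
    # includeSubDomains and preload stay at their defaults (false); they widen
    # the policy beyond this host, so decide on them for your environment.
    Stop-IISCommitDelay                     # write the changes
}
catch {
    Stop-IISCommitDelay -Commit $false      # discard partial changes
    throw
}

# Re-read the configuration and confirm what was stored.
Reset-IISServerManager -Confirm:$false
$check = Get-HstsElement -Name $siteName
[pscustomobject]@{
    Site    = $siteName
    Enabled = Get-IISConfigAttributeValue -ConfigElement $check -AttributeName 'enabled'
    MaxAge  = Get-IISConfigAttributeValue -ConfigElement $check -AttributeName 'max-age'
}
```

Once applied, HTTPS responses from the site should carry a Strict-Transport-Security header with the configured max-age. Browsers only honor that header when the connection has no certificate errors.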
Using a Reverse Proxy to Enable HSTS
While Chocolatey Central Management runs on IIS, you could use a reverse proxy and configure HSTS on the reverse proxy server. For instance, NGINX has an article covering HSTS configuration, or you could use Apache and follow a guide such as this one.
We provide this information as a reference for enabling HSTS and you should evaluate and apply the necessary configuration for your environment.