summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2011-12-05 18:34:28 -0200
committerSilvio Rhatto <rhatto@riseup.net>2011-12-05 18:34:28 -0200
commitf690c065246f1a31e732c0a24100401e58a1adb2 (patch)
tree78ec1b6132e38ac754625f17a542bb304bce6fed
parent03a5f804a20b98ccea8598aa7893c914c7fa1ee6 (diff)
downloadpuppet-apache-f690c065246f1a31e732c0a24100401e58a1adb2.tar.gz
puppet-apache-f690c065246f1a31e732c0a24100401e58a1adb2.tar.bz2
HSTS support
-rw-r--r--templates/site.erb6
1 files changed, 5 insertions, 1 deletions
diff --git a/templates/site.erb b/templates/site.erb
index 25dd22d..246e616 100644
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -4,8 +4,12 @@
<% if server_alias != false %> ServerAlias <%= server_alias %><% end %>
DocumentRoot <%= docroot %>
<% if https_redirect != false %>
+ # Use HTTP Strict Transport Security to force client to use secure connections only
+ Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+
+ # Redirect all HTTP to HTTPS
RewriteEngine On
- RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+ RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]
<% if redirect_match != false %> RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %>
<% if redirect != false %> Redirect <%= redirect %><% end %>
<% if aliases != false %><% aliases.each do |map| -%>