diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2011-12-05 18:34:28 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2011-12-05 18:34:28 -0200 |
commit | f690c065246f1a31e732c0a24100401e58a1adb2 (patch) | |
tree | 78ec1b6132e38ac754625f17a542bb304bce6fed | |
parent | 03a5f804a20b98ccea8598aa7893c914c7fa1ee6 (diff) | |
download | puppet-apache-f690c065246f1a31e732c0a24100401e58a1adb2.tar.gz puppet-apache-f690c065246f1a31e732c0a24100401e58a1adb2.tar.bz2 |
HSTS support
-rw-r--r-- | templates/site.erb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/templates/site.erb b/templates/site.erb index 25dd22d..246e616 100644 --- a/templates/site.erb +++ b/templates/site.erb @@ -4,8 +4,12 @@ <% if server_alias != false %> ServerAlias <%= server_alias %><% end %> DocumentRoot <%= docroot %> <% if https_redirect != false %> + # Use HTTP Strict Transport Security to force client to use secure connections only + Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains" + + # Redirect all HTTP to HTTPS RewriteEngine On - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} + RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301] <% if redirect_match != false %> RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %> <% if redirect != false %> Redirect <%= redirect %><% end %> <% if aliases != false %><% aliases.each do |map| -%> |