diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2011-12-05 18:34:28 -0200 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2011-12-05 18:34:28 -0200 |
| commit | f690c065246f1a31e732c0a24100401e58a1adb2 (patch) | |
| tree | 78ec1b6132e38ac754625f17a542bb304bce6fed | |
| parent | 03a5f804a20b98ccea8598aa7893c914c7fa1ee6 (diff) | |
| download | puppet-apache-f690c065246f1a31e732c0a24100401e58a1adb2.tar.gz puppet-apache-f690c065246f1a31e732c0a24100401e58a1adb2.tar.bz2 | |
HSTS support
| -rw-r--r-- | templates/site.erb | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/templates/site.erb b/templates/site.erb index 25dd22d..246e616 100644 --- a/templates/site.erb +++ b/templates/site.erb @@ -4,8 +4,12 @@ <% if server_alias != false %> ServerAlias <%= server_alias %><% end %> DocumentRoot <%= docroot %> <% if https_redirect != false %> + # Use HTTP Strict Transport Security to force client to use secure connections only + Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains" + + # Redirect all HTTP to HTTPS RewriteEngine On - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} + RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301] <% if redirect_match != false %> RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %> <% if redirect != false %> Redirect <%= redirect %><% end %> <% if aliases != false %><% aliases.each do |map| -%> |