summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2014-03-10 12:50:06 -0300
committerSilvio Rhatto <rhatto@riseup.net>2014-03-10 12:50:06 -0300
commitaf91d2e0abe4174440b132ea4d046a69b97214ae (patch)
treef095bcfdae163e30405c5c6eed878880cd5ea6a2
parenta2ffe846a3693aa68d0c744137f616edd54dac3d (diff)
downloadpuppet-apache-af91d2e0abe4174440b132ea4d046a69b97214ae.tar.gz
puppet-apache-af91d2e0abe4174440b132ea4d046a69b97214ae.tar.bz2
Put HSTS header in the right place
-rw-r--r--manifests/site.pp2
-rw-r--r--templates/site.erb6
2 files changed, 4 insertions, 4 deletions
diff --git a/manifests/site.pp b/manifests/site.pp
index fd7914a..4179c72 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -44,7 +44,7 @@ define apache::site(
default => $mpm_user,
}
- $gid = $mpm_group? {
+ $gid = $mpm_group ? {
'' => regsubst($title, '\.', '_', 'G'),
default => $mpm_group,
}
diff --git a/templates/site.erb b/templates/site.erb
index a1a6a8a..6287326 100644
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -7,9 +7,6 @@
RewriteEngine On
<% end -%>
<% if https_redirect != false %>
- # Use HTTP Strict Transport Security to force client to use secure connections only
- Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
-
# Redirect all HTTP to HTTPS
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]<% end %>
<% if redirect_match != false %> RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %>
@@ -41,6 +38,9 @@
<% if ssl == true %>
# begin ssl vhost for <%= title %>
<VirtualHost <%= listen %>:443>
+ # Use HTTP Strict Transport Security to force client to use secure connections only
+ Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+
ServerName <%= title %>.<%= hosting_domain %>
<% if server_alias != false %> ServerAlias <%= server_alias %><% end %>
DocumentRoot <%= docroot %>