diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2014-03-10 12:50:06 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2014-03-10 12:50:06 -0300 |
| commit | af91d2e0abe4174440b132ea4d046a69b97214ae (patch) | |
| tree | f095bcfdae163e30405c5c6eed878880cd5ea6a2 /templates | |
| parent | a2ffe846a3693aa68d0c744137f616edd54dac3d (diff) | |
| download | puppet-apache-af91d2e0abe4174440b132ea4d046a69b97214ae.tar.gz puppet-apache-af91d2e0abe4174440b132ea4d046a69b97214ae.tar.bz2 | |
Put HSTS header in the right place
Diffstat (limited to 'templates')
| -rw-r--r-- | templates/site.erb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/templates/site.erb b/templates/site.erb index a1a6a8a..6287326 100644 --- a/templates/site.erb +++ b/templates/site.erb @@ -7,9 +7,6 @@ RewriteEngine On <% end -%> <% if https_redirect != false %> - # Use HTTP Strict Transport Security to force client to use secure connections only - Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains" - # Redirect all HTTP to HTTPS RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]<% end %> <% if redirect_match != false %> RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %> @@ -41,6 +38,9 @@ <% if ssl == true %> # begin ssl vhost for <%= title %> <VirtualHost <%= listen %>:443> + # Use HTTP Strict Transport Security to force client to use secure connections only + Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains" + ServerName <%= title %>.<%= hosting_domain %> <% if server_alias != false %> ServerAlias <%= server_alias %><% end %> DocumentRoot <%= docroot %> |