diff options
| -rw-r--r-- | manifests/init.pp | 3 | ||||
| -rw-r--r-- | templates/site.erb | 11 |
2 files changed, 11 insertions, 3 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index 96bd9f8..6b7b382 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -190,7 +190,8 @@ class apache { $mpm = true, $mpm_user = '', $mpm_group = '', $password = '*', $comment = '', $sshkey = absent, $groups = '', $shell = '/bin/false', $manage_user = true, - $ssl = false, $listen = '*', $https_redirect = false) { + $ssl = false, $listen = '*', $https_redirect = false, + $canonical = false) { $vhost = $filename ? { '' => "$title", diff --git a/templates/site.erb b/templates/site.erb index 3545e62..4daf2be 100644 --- a/templates/site.erb +++ b/templates/site.erb @@ -3,12 +3,14 @@ ServerName <%= title %>.<%= hosting_domain %> <% if server_alias != false %> ServerAlias <%= server_alias %><% end %> DocumentRoot <%= docroot %> - <% if https_redirect != false %> +<% if https_redirect != false or canonical != false %> + RewriteEngine On +<% end -%> +<% if https_redirect != false %> # Use HTTP Strict Transport Security to force client to use secure connections only Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains" # Redirect all HTTP to HTTPS - RewriteEngine On RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]<% end %> <% if redirect_match != false %> RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %> <% if redirect != false %> Redirect <%= redirect %><% end %> @@ -23,6 +25,11 @@ AssignUserId <%= user %> <%= gid %> </IfModule> <% end %> +<% if canonical != false %> + RewriteCond %{HTTP_HOST} !=<%= canonical %> [NC] + RewriteCond %{HTTP_HOST} !="" + RewriteRule ^/(.*) https://<%= canonical %>/$1 [L,R=301] +<% end %> </VirtualHost> # end vhost for <%= title %> <% if ssl == true %> |