From af91d2e0abe4174440b132ea4d046a69b97214ae Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Mon, 10 Mar 2014 12:50:06 -0300
Subject: Put HSTS header in the right place

---
 manifests/site.pp  | 2 +-
 templates/site.erb | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index fd7914a..4179c72 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -44,7 +44,7 @@ define apache::site(
     default => $mpm_user,
   }
 
-  $gid = $mpm_group? {
+  $gid = $mpm_group ? {
     ''      => regsubst($title, '\.', '_', 'G'),
     default => $mpm_group,
   }
diff --git a/templates/site.erb b/templates/site.erb
index a1a6a8a..6287326 100644
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -7,9 +7,6 @@
    RewriteEngine On
 <% end -%>
 <% if https_redirect != false %>
-   # Use HTTP Strict Transport Security to force client to use secure connections only
-   Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
-
    # Redirect all HTTP to HTTPS
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]<% end %>
 <% if redirect_match != false %>   RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %>
@@ -41,6 +38,9 @@
 <% if ssl == true %>
 # begin ssl vhost for <%= title %>
 <VirtualHost <%= listen %>:443>
+   # Use HTTP Strict Transport Security to force client to use secure connections only
+   Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+
    ServerName <%= title %>.<%= hosting_domain %>
 <% if server_alias != false %>   ServerAlias <%= server_alias %><% end %>
    DocumentRoot <%= docroot %>
-- 
cgit v1.2.3