From af91d2e0abe4174440b132ea4d046a69b97214ae Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Mon, 10 Mar 2014 12:50:06 -0300
Subject: Put HSTS header in the right place

---
 templates/site.erb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'templates')

diff --git a/templates/site.erb b/templates/site.erb
index a1a6a8a..6287326 100644
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -7,9 +7,6 @@
    RewriteEngine On
 <% end -%>
 <% if https_redirect != false %>
-   # Use HTTP Strict Transport Security to force client to use secure connections only
-   Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
-
    # Redirect all HTTP to HTTPS
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]<% end %>
 <% if redirect_match != false %>   RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %>
@@ -41,6 +38,9 @@
 <% if ssl == true %>
 # begin ssl vhost for <%= title %>
 <VirtualHost <%= listen %>:443>
+   # Use HTTP Strict Transport Security to force client to use secure connections only
+   Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+
    ServerName <%= title %>.<%= hosting_domain %>
 <% if server_alias != false %>   ServerAlias <%= server_alias %><% end %>
    DocumentRoot <%= docroot %>
-- 
cgit v1.2.3