projects / chef.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 92fe4a4)
Enable HSTS for all apache served SSL sites
authorTom Hughes <tom@compton.nu>
Thu, 11 Jan 2018 18:13:53 +0000 (18:13 +0000)
committerTom Hughes <tom@compton.nu>
Thu, 11 Jan 2018 18:23:31 +0000 (18:23 +0000)
cookbooks/apache/templates/default/ssl.erb patch | blob | history

diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb
index a703b04c7a518c9e6e241315af11c86adc5033d9..7b16c1bbda3b1acb30979a08043c99891f4a6922 100644 (file)
--- a/cookbooks/apache/templates/default/ssl.erb
+++ b/cookbooks/apache/templates/default/ssl.erb
@@ -15,3 +15,5 @@ SSLStaplingErrorCacheTimeout 60
 SSLStaplingReturnResponderErrors off
 SSLStaplingFakeTryLater off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
+
+Header setifempty Strict-Transport-Security max-age=3600 env=HTTPS
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.