Enable HSTS for all apache served SSL sites

author Tom Hughes <tom@compton.nu>

Thu, 11 Jan 2018 18:13:53 +0000 (18:13 +0000)

committer Tom Hughes <tom@compton.nu>

Thu, 11 Jan 2018 18:23:31 +0000 (18:23 +0000)
author Tom Hughes <tom@compton.nu>
Thu, 11 Jan 2018 18:13:53 +0000 (18:13 +0000)
committer Tom Hughes <tom@compton.nu>
Thu, 11 Jan 2018 18:23:31 +0000 (18:23 +0000)
diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb

index a703b04..7b16c1b 100644 (file)
--- a/cookbooks/apache/templates/default/ssl.erb
+++ b/cookbooks/apache/templates/default/ssl.erb
@@ -15,3 +15,5 @@ SSLStaplingErrorCacheTimeout 60
  SSLStaplingReturnResponderErrors off
  SSLStaplingFakeTryLater off
  SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
+
+Header setifempty Strict-Transport-Security max-age=3600 env=HTTPS
author	Tom Hughes <tom@compton.nu>
	Thu, 11 Jan 2018 18:13:53 +0000 (18:13 +0000)
committer	Tom Hughes <tom@compton.nu>
	Thu, 11 Jan 2018 18:23:31 +0000 (18:23 +0000)