Enable HSTS for all apache served SSL sites
authorTom Hughes <tom@compton.nu>
Thu, 11 Jan 2018 18:13:53 +0000 (18:13 +0000)
committerTom Hughes <tom@compton.nu>
Thu, 11 Jan 2018 18:23:31 +0000 (18:23 +0000)
cookbooks/apache/templates/default/ssl.erb

index a703b04..7b16c1b 100644 (file)
@@ -15,3 +15,5 @@ SSLStaplingErrorCacheTimeout 60
 SSLStaplingReturnResponderErrors off
 SSLStaplingFakeTryLater off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
+
+Header setifempty Strict-Transport-Security max-age=3600 env=HTTPS