-rw-r--r--apache2/conf-available/local-ssl.conf11
1 files changed, 11 insertions, 0 deletions
diff --git a/apache2/conf-available/local-ssl.conf b/apache2/conf-available/local-ssl.conf
index 7b2cabf..e9dd2f5 100644
--- a/apache2/conf-available/local-ssl.conf
+++ b/apache2/conf-available/local-ssl.conf
@@ -16,6 +16,17 @@
RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}/$1
</If>
+# enable HSTS
+# <http://www.debian-administration.org/articles/662>
+<IfDefine !_NO_HSTS>
+<IfDefine !_NO_HSTS_SUBDOMAINS>
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+</IfModule>
+<IfDefine _NO_HSTS_SUBDOMAINS>
+ Header add Strict-Transport-Security: "max-age=15768000"
+</IfModule>
+</IfModule>
+
<IfModule mod_gnutls.c>
GnuTLSEnable on
<IfDefine _TLS_KEY>
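Review bot: The three `<IfDefine>` sections opened in the added lines are each closed with `</IfModule>`, which Apache rejects as a mismatched section at config load, so every one of those closers should read `</IfDefine>`. Separately, `Header add` without the `always` condition is not applied to server-generated error responses and appends a second copy if another config already sets the header; `Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"` (and the same without `includeSubDomains` in the `_NO_HSTS_SUBDOMAINS` branch) avoids both. The hunk does not show whether mod_headers is guaranteed to be loaded wherever this conf is enabled; if it is not, wrapping the block in `<IfModule mod_headers.c>` keeps a missing module from breaking startup. A short comment next to `_NO_HSTS_SUBDOMAINS` noting that `includeSubDomains` pins every subdomain to HTTPS for the full max-age would help whoever decides which define to set.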