authorJonas Smedegaard <dr@jones.dk>2020-10-11 19:46:22 +0200
committerJonas Smedegaard <dr@jones.dk>2020-10-11 19:46:22 +0200
commitcf5ef8b29ec7929ec81249651c8d9597d9fa6cc5 (patch)
tree1e4032403c65ee6b99c66254b43e9776236de1da
parent8ff26974e6fced7d41412e56849c00269b61bece (diff)
enable HSTS by default
-rw-r--r--apache2/conf-available/local-ssl.conf11
1 files changed, 11 insertions, 0 deletions
diff --git a/apache2/conf-available/local-ssl.conf b/apache2/conf-available/local-ssl.conf
index 7b2cabf..e9dd2f5 100644
--- a/apache2/conf-available/local-ssl.conf
+++ b/apache2/conf-available/local-ssl.conf
@@ -16,6 +16,17 @@
RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}/$1
</If>
+# enable HSTS
+# <http://www.debian-administration.org/articles/662>
+<IfDefine !_NO_HSTS>
+<IfDefine !_NO_HSTS_SUBDOMAINS>
+ Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
+</IfModule>
+<IfDefine _NO_HSTS_SUBDOMAINS>
+ Header add Strict-Transport-Security: "max-age=15768000"
+</IfModule>
+</IfModule>
+
<IfModule mod_gnutls.c>
GnuTLSEnable on
<IfDefine _TLS_KEY>
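Review bot: All three `<IfDefine>` sections opened in the added lines are closed with `</IfModule>`, which Apache should reject as a mismatched section at config parse time; the closers after each `Header` line and the outer one should read `</IfDefine>`. `Header add` can emit a second Strict-Transport-Security header if a vhost or backend already sets one, and without the `always` condition the header is left off error responses, so `Header always set Strict-Transport-Security "max-age=15768000;includeSubdomains"` (and the same form for the shorter value) is the safer spelling. The block is not wrapped in `<IfModule mod_headers.c>`, so unless mod_headers is guaranteed to be loaded elsewhere (not visible in this hunk) the `Header` directive will itself fail to parse. Because the default pins every subdomain to HTTPS for roughly six months, I would extend the comment with something like `# define _NO_HSTS_SUBDOMAINS on hosts whose subdomains are not all served over HTTPS`.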