diff options
author | Jonas Smedegaard <dr@jones.dk> | 2020-10-11 19:46:22 +0200 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2020-10-11 19:46:22 +0200 |
commit | cf5ef8b29ec7929ec81249651c8d9597d9fa6cc5 (patch) | |
tree | 1e4032403c65ee6b99c66254b43e9776236de1da | |
parent | 8ff26974e6fced7d41412e56849c00269b61bece (diff) |
enable HSTS by default
-rw-r--r-- | apache2/conf-available/local-ssl.conf | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/apache2/conf-available/local-ssl.conf b/apache2/conf-available/local-ssl.conf index 7b2cabf..e9dd2f5 100644 --- a/apache2/conf-available/local-ssl.conf +++ b/apache2/conf-available/local-ssl.conf @@ -16,6 +16,17 @@ RedirectMatch permanent ^(?!/.well-known/)(.*) https://${_HOST}/$1 </If> +# enable HSTS +# <http://www.debian-administration.org/articles/662> +<IfDefine !_NO_HSTS> +<IfDefine !_NO_HSTS_SUBDOMAINS> + Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains" +</IfModule> +<IfDefine _NO_HSTS_SUBDOMAINS> + Header add Strict-Transport-Security: "max-age=15768000" +</IfModule> +</IfModule> + <IfModule mod_gnutls.c> GnuTLSEnable on <IfDefine _TLS_KEY> |