summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2013-08-20 20:44:21 -0400
committerMicah Anderson <micah@leap.se>2013-08-22 09:40:51 -0400
commit613f7f12f4c907ea07e79e3e73da8f2b71d3436d (patch)
tree0464833d8aa9fa085491f463554b9a9160223fe1
parent915e7e246cf08c7d2d646c068d701ddb71df7d4a (diff)
add HSTS if hiera value for webapp['secure'] is set (#3514)
Change-Id: Idd413349ec0b99835a1cbb4fb4c4fcef1a8fdeab
-rw-r--r--puppet/modules/site_apache/templates/vhosts.d/api.conf.erb3
-rw-r--r--puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb3
2 files changed, 6 insertions, 0 deletions
diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb
index 6a276e22..bc5ff156 100644
--- a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb
+++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb
@@ -22,6 +22,9 @@ Listen 0.0.0.0:<%= api_port %>
RequestHeader set X_FORWARDED_PROTO 'https'
<IfModule mod_headers.c>
+<% if @webapp['secure'] -%>
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+<% end -%>
Header always unset X-Powered-By
Header always unset X-Runtime
</IfModule>
diff --git a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
index 9108caff..5e3960c2 100644
--- a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
+++ b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
@@ -22,6 +22,9 @@
RequestHeader set X_FORWARDED_PROTO 'https'
<IfModule mod_headers.c>
+<% if @webapp['secure'] -%>
+ Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+<% end -%>
Header always unset X-Powered-By
Header always unset X-Runtime
</IfModule>