diff options
author | Micah Anderson <micah@leap.se> | 2013-08-20 20:44:21 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2013-08-22 09:40:51 -0400 |
commit | 613f7f12f4c907ea07e79e3e73da8f2b71d3436d (patch) | |
tree | 0464833d8aa9fa085491f463554b9a9160223fe1 /puppet/modules/site_apache | |
parent | 915e7e246cf08c7d2d646c068d701ddb71df7d4a (diff) |
add HSTS if hiera value for webapp['secure'] is set (#3514)
Change-Id: Idd413349ec0b99835a1cbb4fb4c4fcef1a8fdeab
Diffstat (limited to 'puppet/modules/site_apache')
-rw-r--r-- | puppet/modules/site_apache/templates/vhosts.d/api.conf.erb | 3 | ||||
-rw-r--r-- | puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb index 6a276e22..bc5ff156 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb @@ -22,6 +22,9 @@ Listen 0.0.0.0:<%= api_port %> RequestHeader set X_FORWARDED_PROTO 'https' <IfModule mod_headers.c> +<% if @webapp['secure'] -%> + Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" +<% end -%> Header always unset X-Powered-By Header always unset X-Runtime </IfModule> diff --git a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb index 9108caff..5e3960c2 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb @@ -22,6 +22,9 @@ RequestHeader set X_FORWARDED_PROTO 'https' <IfModule mod_headers.c> +<% if @webapp['secure'] -%> + Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" +<% end -%> Header always unset X-Powered-By Header always unset X-Runtime </IfModule> |