Allow setting strict transport security header

commit: d075dd2e07fb2f17a566fcca2a0fc575792eea71 [log] [tgz]
author: Filip Pytloun <filip@pytloun.cz> Thu Nov 12 09:18:16 2015 +0100
committer: Filip Pytloun <filip@pytloun.cz> Thu Nov 12 09:18:16 2015 +0100
tree: 8ba6e3667689c44521354cdcdcdfd9fcb16cd989
parent: 28e665c545497fd068cc55970e0d0c52e90cdb93 [diff]
diff --git a/apache/files/_ssl.conf b/apache/files/_ssl.conf
index 5eefcbc..5007ec7 100644
--- a/apache/files/_ssl.conf
+++ b/apache/files/_ssl.conf

@@ -5,6 +5,11 @@
   SSLCertificateFile /etc/ssl/certs/{{ site.host.name }}.crt
   SSLCertificateKeyFile /etc/ssl/private/{{ site.host.name }}.key
   SSLCertificateChainFile /etc/ssl/certs/ca-chain.crt
+
+  {%- if site.ssl.get('forward_secrecy', False) %}
+  Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
+  {%- endif %}
+
   {%- set ssl_mode = site.ssl.get('mode', 'secure') %}
   {%- include "apache/files/_ssl_"+ssl_mode+".conf" %}
   {%- endif %}
commit	d075dd2e07fb2f17a566fcca2a0fc575792eea71	[log] [tgz]
author	Filip Pytloun <filip@pytloun.cz>	Thu Nov 12 09:18:16 2015 +0100
committer	Filip Pytloun <filip@pytloun.cz>	Thu Nov 12 09:18:16 2015 +0100
tree	8ba6e3667689c44521354cdcdcdfd9fcb16cd989
parent	28e665c545497fd068cc55970e0d0c52e90cdb93 [diff]