Use HSTS in apache conf. Fixes #47.

2026-01-21 07:55:00 +00:00 · 2013-11-28 00:52:18 +00:00 · 2013-11-28 00:52:18 +00:00 · 96310b4366
commit 96310b4366
parent 0ec794aaa7
2 changed files with 4 additions and 0 deletions
--- a/1
+++ b/1
@ -100,6 +100,7 @@ apache-config: apache-install apache-ssl
 apache-ssl:
 	make-ssl-cert generate-default-snakeoil
 	a2enmod ssl
+	a2enmod headers
 	a2enmod rewrite
 	a2enmod proxy
 	a2enmod proxy_http
--- a/share/apache2/plinth.conf
+++ b/share/apache2/plinth.conf
@ -21,6 +21,9 @@
    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

+    ## Use HTTP Strict Transport Security to force client to use secure connections only
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+
    ## Shared options.
    ProxyPreserveHost on
    DocumentRoot /usr/share/plinth