##
## When enabled allows only SSL traffic onto Plinth.  This is done by
## redirecting non-secure traffic to secure traffic.  The redirect is
## permanent as recommended in:
## http://tools.ietf.org/html/rfc6797#section-7
##
## Requires the following Apache modules to be enabled:
##   mod_rewrite
##   mod_gnutls
##
<Location /plinth>
    RewriteEngine on
    # FIXME: Workaround for mod_gnutls (Debian Bug #514005)
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</Location>