##
## When enabled allows only SSL traffic onto Plinth.  This is done by
## redirecting non-secure traffic to secure traffic.  The redirect is
## permanent as recommended in:
## http://tools.ietf.org/html/rfc6797#section-7
##
## Requires the following Apache modules to be enabled:
##   mod_rewrite
##   mod_ssl
##
<Location /plinth>
    RewriteEngine on
    # Don't redirect for onion sites as it is not needed and leads to
    # unnecessary warning.
    RewriteCond %{HTTP_HOST} !^.*\.onion$ [NC]
    ReWriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</Location>