commit f68209505842ed72afb4c258fd0f0673469e46cb
parent 0529eb9dcca0b7582b86faf0148547ddceb7a84d
Author: Paco Esteban <paco@e1e0.net>
Date: Thu, 4 Jun 2020 10:19:19 +0200
httpd: add hsts option
Diffstat:
2 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/roles/httpd/templates/https-host.conf.j2 b/roles/httpd/templates/https-host.conf.j2
@@ -11,6 +11,13 @@ server "{{ item.server_name }}" {
certificate "/etc/ssl/letsencrypt/{{ item.server_name }}/fullchain.pem"
key "/etc/ssl/letsencrypt/{{ item.server_name }}/privkey.pem"
}
+{% if item.hsts is defined %}
+ hsts {
+ max-age 5184000
+ preload
+ subdomains
+ }
+{% endif %}
{% if item.no_logging is defined %}
no log
{% else %}
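Review bot: The guard `{% if item.hsts is defined %}` tests only whether the key exists, so a host with `hsts: false` would still get the hsts block. Browsers cache the policy for the whole max-age, so an off switch that does not work is worth avoiding; `{% if item.hsts | default(false) | bool %}` would make the value count. The block also hard-codes `preload` and `subdomains` with `max-age 5184000` (60 days). The browser preload list asks for at least one year (31536000), so `preload` signals consent to preloading without meeting the submission requirement, and `subdomains` extends the policy to every subdomain of the server name. Consider driving the three settings from per-host variables with conservative defaults; the `no_logging` test just below uses the same `is defined` pattern, but that pattern is riskier for a setting that clients remember.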
diff --git a/website.yml b/website.yml
@@ -45,6 +45,7 @@
- "www.e1e0.net"
server_owner: "paco"
root: "/htdocs/e1e0.net"
+ hsts: true
locations:
- name: "/paste/*"
options:
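Review bot: `hsts: true` on this host (and on the onna.be host in the next hunk) has no comment saying what it commits to. The template in this commit emits `subdomains` and `preload`, so browsers that have seen the header will refuse plain HTTP for every subdomain of the name for 60 days. A comment above the key, such as `# HSTS with subdomains+preload: every subdomain must serve valid HTTPS`, would record that. Whether all subdomains of these domains already serve HTTPS is not visible from the hunks and should be confirmed before deploying. Both host entries start and end outside the hunks.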
@@ -80,6 +81,7 @@
- "www.onna.be"
server_owner: "paco"
root: "/htdocs/onna.be"
+ hsts: true
locations:
- name: "/gh-contrib"
options: