From 36b2550810a32b306ca89e5a7139ae24519342e7 Mon Sep 17 00:00:00 2001 From: clime Date: Thu, 21 Feb 2019 14:37:27 +0100 Subject: [PATCH] libravatar: specify HSTS with IncludeSubDomains --- roles/libravatar/templates/httpd/libravatar.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/libravatar/templates/httpd/libravatar.conf b/roles/libravatar/templates/httpd/libravatar.conf index 2eb5027f1c..5e87fde7e7 100644 --- a/roles/libravatar/templates/httpd/libravatar.conf +++ b/roles/libravatar/templates/httpd/libravatar.conf @@ -23,7 +23,7 @@ RewriteEngine on SSLCertificateFile /etc/letsencrypt/live/{{ server_seccdn_name }}/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_seccdn_name }}/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/{{ server_seccdn_name }}/fullchain.pem - Header always add Strict-Transport-Security "max-age=31536000; preload" + Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains" RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L] @@ -36,7 +36,7 @@ RewriteEngine on SSLCertificateFile /etc/letsencrypt/live/{{ server_name }}/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_name }}/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem - Header always add Strict-Transport-Security "max-age=31536000; preload" + Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains" RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L] @@ -49,7 +49,7 @@ RewriteEngine on SSLCertificateFile /etc/letsencrypt/live/{{ server_name }}/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_name }}/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem - Header always add Strict-Transport-Security "max-age=31536000; preload" + Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains" RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]