From 2ecd703badfde6c7f15c39829aa7f170bb61dbb6 Mon Sep 17 00:00:00 2001
From: Dan Goodliffe <dan@randomdan.homeip.net>
Date: Sat, 4 Nov 2017 16:13:47 +0000
Subject: Enable HSTS for SSL sites

---
 etc/apache/httpd.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/etc/apache/httpd.conf b/etc/apache/httpd.conf
index 7bd35c6..10fddfd 100644
--- a/etc/apache/httpd.conf
+++ b/etc/apache/httpd.conf
@@ -138,6 +138,7 @@ PerlSetVar JavaScriptMinifier JavaScript::Minifier::XS
 	SSLCertificateFile /etc/letsencrypt/live/gentoobrowse.randomdan.homeip.net/cert.pem
 	SSLCertificateKeyFile /etc/letsencrypt/live/gentoobrowse.randomdan.homeip.net/privkey.pem
 	SSLCertificateChainFile /etc/letsencrypt/live/gentoobrowse.randomdan.homeip.net/chain.pem
+	Header always set Strict-Transport-Security "max-age=864000; includeSubDomains"
 </VirtualHost>
 <VirtualHost *:443>
 	ServerName git.randomdan.homeip.net
@@ -145,4 +146,5 @@ PerlSetVar JavaScriptMinifier JavaScript::Minifier::XS
 	SSLCertificateFile /etc/letsencrypt/live/git.randomdan.homeip.net/cert.pem
 	SSLCertificateKeyFile /etc/letsencrypt/live/git.randomdan.homeip.net/privkey.pem
 	SSLCertificateChainFile /etc/letsencrypt/live/git.randomdan.homeip.net/chain.pem
+	Header always set Strict-Transport-Security "max-age=864000; includeSubDomains"
 </VirtualHost>
-- 
cgit v1.2.3