Add hsts also to https virthost

author: Kevin Fenzi <kevin@scrye.com> 2015-12-01 18:37:05 +0000
committer: Kevin Fenzi <kevin@scrye.com> 2015-12-01 18:37:05 +0000
commit: 6e5df77ce7408cd55359836a7c29fde11dec9f35 (patch)
tree: ca330b74ac7a5ffbcf1bcc2d7dc43eb154eb8756 /roles/keyserver/files
parent: 41df45256c8f4822e4f5dd4b793c804bdb2387c4 (diff)
download: ansible-6e5df77ce7408cd55359836a7c29fde11dec9f35.tar.gz
ansible-6e5df77ce7408cd55359836a7c29fde11dec9f35.tar.xz
ansible-6e5df77ce7408cd55359836a7c29fde11dec9f35.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/keyserver/files/sks.conf b/roles/keyserver/files/sks.conf
index 1e1773204..9870207e0 100644
--- a/roles/keyserver/files/sks.conf
+++ b/roles/keyserver/files/sks.conf
@@ -43,7 +43,6 @@ NameVirtualHost *:443
         RewriteEngine On
         RewriteCond %{HTTPS} off
         RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
-        # Set HSTS header via HTTP since it cannot be easily set in squid, which terminates HTTPS
         Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
 </VirtualHost>
 
@@ -63,6 +62,7 @@ NameVirtualHost *:443
 	ProxyPassReverse / http://localhost:11371/
         SetEnv proxy-nokeepalive 1
 	ProxyVia Full
+        Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
 </VirtualHost>
 <VirtualHost *:443>
         ServerAdmin sysadmin-keys-members@fedoraproject.org
author	Kevin Fenzi <kevin@scrye.com>	2015-12-01 18:37:05 +0000
committer	Kevin Fenzi <kevin@scrye.com>	2015-12-01 18:37:05 +0000
commit	6e5df77ce7408cd55359836a7c29fde11dec9f35 (patch)
tree	ca330b74ac7a5ffbcf1bcc2d7dc43eb154eb8756 /roles/keyserver/files
parent	41df45256c8f4822e4f5dd4b793c804bdb2387c4 (diff)
download	ansible-6e5df77ce7408cd55359836a7c29fde11dec9f35.tar.gz ansible-6e5df77ce7408cd55359836a7c29fde11dec9f35.tar.xz ansible-6e5df77ce7408cd55359836a7c29fde11dec9f35.zip