From 3168380ff0fb5768f476e228fb5c96f85072d955 Mon Sep 17 00:00:00 2001
From: Guillaume Vincent <guillaume@oslab.fr>
Date: Thu, 17 Dec 2020 17:09:32 +0100
Subject: [PATCH] edit hsts configuration

The header must contain the `includeSubDomains` directive.
The header must contain the `preload` directive.
---
 containers/webserver/httpd-ssl.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/containers/webserver/httpd-ssl.conf b/containers/webserver/httpd-ssl.conf
index f443c28..39845e7 100644
--- a/containers/webserver/httpd-ssl.conf
+++ b/containers/webserver/httpd-ssl.conf
@@ -139,7 +139,7 @@ ServerAdmin EMAIL
     SSLEngine on
     SSLCertificateFile "/usr/local/apache2/conf/CRT_PATH"
     SSLCertificateKeyFile "/usr/local/apache2/conf/KEY_PATH"
-    Header always set Strict-Transport-Security "max-age=63072000"
+    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
 </VirtualHost>
 
 <VirtualHost *:443>
@@ -154,7 +154,7 @@ ServerAdmin EMAIL
     SSLEngine on
     SSLCertificateFile "/usr/local/apache2/conf/CRT_PATH"
     SSLCertificateKeyFile "/usr/local/apache2/conf/KEY_PATH"
-    Header always set Strict-Transport-Security "max-age=63072000"
+    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
 </VirtualHost>
 
 <VirtualHost *:443>
@@ -168,5 +168,5 @@ ServerAdmin EMAIL
     SSLEngine on
     SSLCertificateFile "/usr/local/apache2/conf/CRT_PATH"
     SSLCertificateKeyFile "/usr/local/apache2/conf/KEY_PATH"
-    Header always set Strict-Transport-Security "max-age=63072000"
+    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
 </VirtualHost>