From cffd0b38bb11e95cddf2ff39f25d9adb64491ae0 Mon Sep 17 00:00:00 2001
From: Salt <rehashedsalt@cock.li>
Date: Thu, 6 Feb 2020 03:22:38 -0600
Subject: [PATCH] Enable strict transport security

---
 roles/nextcloud/templates/apache2-vhost-ssl.conf | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/roles/nextcloud/templates/apache2-vhost-ssl.conf b/roles/nextcloud/templates/apache2-vhost-ssl.conf
index 311d337..271ae3d 100644
--- a/roles/nextcloud/templates/apache2-vhost-ssl.conf
+++ b/roles/nextcloud/templates/apache2-vhost-ssl.conf
@@ -9,15 +9,7 @@ SSLStrictSNIVHostCheck off
 # Website configuration
 <VirtualHost *:80>
 	ServerName {{ nextcloud_url }}
-	# Uncomment me for HTTPS redirection
-	# Leaving it off for now for testing
-	#Redirect permanent / https://{{ nextcloud_url }}
-	DocumentRoot {{ nextcloud_webroot }}
-	<Directory "{{ nextcloud_webroot }}">
-		Require all granted
-		AllowOverride All
-		Options MultiViews FollowSymlinks
-	</Directory>
+	Redirect permanent / https://{{ nextcloud_url }}
 </VirtualHost>
 <VirtualHost *:443>
 	SSLEngine on
@@ -36,4 +28,7 @@ SSLStrictSNIVHostCheck off
 		AllowOverride All
 		Options MultiViews FollowSymlinks
 	</Directory>
+	<IfModule mod_headers.c>
+		Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
+	</IfModule>
 </VirtualHost>