apache: Add support for HTTP Strict Transport Security

2013-08-14 14:31:23 +03:00 · 2013-08-14 14:31:23 +03:00 · e6d7688bdc
commit e6d7688bdc
parent a3b970ab8e
4 changed files with 20 additions and 3 deletions
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@ -266,6 +266,9 @@ class apache::sslserver::listen {
 #   $first:
 #       Bool for whether this is the first (default) vhost
 #       when using NameVirtualHost. Defaults to false.
+#   $hsts:
+#       Bool for whether to enable HTTP Strict Transport Security for this
+#       virtual host. Defaults to false.
 #   $ipaddr:
 #       IP address of virtual host. Defaults to _default_.
 #   $root:
@ -285,15 +288,21 @@ class apache::sslserver::listen {
 #     ssl_key  => "puppet:///path/to/www.example.com.key",
 # }
 #
-define apache::sslsite($first=false, $ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
+define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
+                       $ssl_cert="", $ssl_key="", $ssl_chain="") {

    include apache::sslserver::listen

+    if $hsts == true {
+        include apache::mod::headers
+    }
+
    case $::operatingsystem {
        "debian","ubuntu": {
            $apache_ssldir = "/etc/ssl"
            apache::debian::sslsite { $name:
                first     => $first,
+                hsts      => $hsts,
                ipaddr    => $ipaddr,
                root      => $root,
                ssl_cert  => $ssl_cert,
@ -306,6 +315,7 @@ define apache::sslsite($first=false, $ipaddr="_default_", $root="", $ssl_cert=""
            $apache_ssldir = "/etc/pki/tls"
            apache::redhat::sslsite { $name:
                first     => $first,
+                hsts      => $hsts,
                ipaddr    => $ipaddr,
                root      => $root,
                ssl_cert  => $ssl_cert,