apache: Add support for HTTP Strict Transport Security

apache/templates/site.https.conf.erb

@@ -148,6 +148,13 @@ BrowserMatch "MSIE [2-5]" \
 #   compact non-error SSL logfile on a virtual host basis.
 #CustomLog logs/ssl_request_log \
 #          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+<% if @hsts == true -%>
+
+# Enable HTTP Strict Transport Security
+<IfModule mod_headers.c>
+    Header always set Strict-Transport-Security "max-age=15768000"
+</IfModule>
+<% end -%>
 
 Include <%= @site_confdir %>/*.conf