From 17dcbd1c1e657c12e9727adc7fdb2a38cd56f02f Mon Sep 17 00:00:00 2001
From: Markus Katharina Brechtel <markus.katharina.brechtel@thengo.net>
Date: Mon, 6 Jul 2020 08:34:30 +0200
Subject: [PATCH] HSTS

---
 tasks/apache2.yml              | 1 +
 templates/apache-vhost.conf.j2 | 1 +
 2 files changed, 2 insertions(+)

diff --git a/tasks/apache2.yml b/tasks/apache2.yml
index 89df7b7..28d3a44 100644
--- a/tasks/apache2.yml
+++ b/tasks/apache2.yml
@@ -8,6 +8,7 @@
     - ssl
     - rewrite
     - env
+    - headers
   notify: restart apache2
 
 - name: apache2 nextcloud vhost
diff --git a/templates/apache-vhost.conf.j2 b/templates/apache-vhost.conf.j2
index 2f64cd2..eef011b 100644
--- a/templates/apache-vhost.conf.j2
+++ b/templates/apache-vhost.conf.j2
@@ -13,6 +13,7 @@
   {% if not certificate_provider == "selfsigned" %}
   SSLCertificateChainFile "/etc/ssl/certs/nextcloud.chain.pem"
   {% endif %}
+  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
 
   DocumentRoot {{nextcloud_directory}}