Put HSTS header in the right place

diff --git a/manifests/site.pp b/manifests/site.pp
index fd7914a77f351015f7b4f2e38ef18832bda5d183..4179c72f1cb8ef5b33bd92d61118576bdce8b8c0 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -44,7 +44,7 @@ define apache::site(
     default => $mpm_user,
   }
 
-  $gid = $mpm_group? {
+  $gid = $mpm_group ? {
     ''      => regsubst($title, '\.', '_', 'G'),
     default => $mpm_group,
   }

diff --git a/templates/site.erb b/templates/site.erb
index a1a6a8a5cfc64c1a0819b3f24c6349e801789aab..628732602cd1a75c606e457ee59f1be126164b2a 100644 (file)
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -7,9 +7,6 @@
    RewriteEngine On
 <% end -%>
 <% if https_redirect != false %>
-   # Use HTTP Strict Transport Security to force client to use secure connections only
-   Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
-
    # Redirect all HTTP to HTTPS
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]<% end %>
 <% if redirect_match != false %>   RedirectMatch ^/$ <%= protocol %>://<%= title %>.<%= hosting_domain %>/<%= redirect_match %><% end %>
@@ -41,6 +38,9 @@
 <% if ssl == true %>
 # begin ssl vhost for <%= title %>
 <VirtualHost <%= listen %>:443>
+   # Use HTTP Strict Transport Security to force client to use secure connections only
+   Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+
    ServerName <%= title %>.<%= hosting_domain %>
 <% if server_alias != false %>   ServerAlias <%= server_alias %><% end %>
    DocumentRoot <%= docroot %>