From 5fde472f4730b5d62f994aa9fe09c3e596790a56 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Fri, 17 Sep 2021 17:57:19 +0200
Subject: [PATCH] install_httpd-2.4.sh: add default additional_ssl_settings (HSTS).
---
 install_httpd-2.4.sh | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/install_httpd-2.4.sh b/install_httpd-2.4.sh
index 3a47ca0..0a21841 100755
--- a/install_httpd-2.4.sh
+++ b/install_httpd-2.4.sh
@@ -3753,6 +3753,34 @@ if [ -f /etc/profile ]; then
 fi
+## - Add additional SSL configuration (HSTS) file: 000-additional-ssl-settings.conf
+## -
+echo "" >> ${_logdir}/main.log
+echo "## - Add additional SSL configuration (HSTS) file: 000-additional-ssl-settings.conf.." >> ${_logdir}/main.log
+echo "## -" >> ${_logdir}/main.log
+echo ""
+echononl "\tAdd additional SSL configuration (HSTS) file: 000-additional-ssl-settings.conf.."
+cat < ${PREFIX}/conf/vhosts/000-additional-ssl-settings.conf
+
+ # - HTTP Strict Transport Security (HSTS)
+ # -
+ # - HSTS tells a browser that the website should only be accessed through
+ # - a secure connection. The HSTS header will be remembered by a standard
+ # compliant browser for max-age seconds.
+ # -
+ # - Remember this settings for 1 year
+ # -
+ Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
+
+EOF
+if [ "$?" = "0" ]; then
+ echo_ok
+else
+ echo_failed
+ warn "Adding config file 000-logformat.conf failed."
+fi
+
+
 ## - Add default vhost configuration file 000-default.conf
 ## -
 echo "" >> ${_logdir}/main.log
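Review bot: The failure branch at the end of the added block names the wrong file: `warn "Adding config file 000-logformat.conf failed."` looks copied from the log-format step, so an operator reading the installer output would not learn that the HSTS header was never deployed. It should read `warn "Adding config file 000-additional-ssl-settings.conf failed."`. The redirect target is also unquoted; writing it as `"${PREFIX}/conf/vhosts/000-additional-ssl-settings.conf"` keeps the write intact if PREFIX ever contains whitespace. The policy is emitted without `includeSubDomains`, which may be deliberate, but a comment stating that choice next to the `max-age=31536000` line would help, since compliant browsers keep the policy for a year.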