projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
only notify service if defined
[mirror/dsa-puppet.git]
/
modules
/
apache2
/
templates
/
ssl-key-pins.erb
diff --git
a/modules/apache2/templates/ssl-key-pins.erb
b/modules/apache2/templates/ssl-key-pins.erb
index
273cc69
..
7e891a2
100644
(file)
--- a/
modules/apache2/templates/ssl-key-pins.erb
+++ b/
modules/apache2/templates/ssl-key-pins.erb
@@
-3,6
+3,8
@@
## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
##
## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
##
+<IfModule mod_macro.c>
+
<%=
$cert_dir_le = '/srv/puppet.debian.org/from-letsencrypt'
$cert_dir_backup = '/srv/puppet.debian.org/backup-keys'
<%=
$cert_dir_le = '/srv/puppet.debian.org/from-letsencrypt'
$cert_dir_backup = '/srv/puppet.debian.org/backup-keys'
@@
-21,7
+23,8
@@
res << "<Macro http-pkp-#{site}>"
if pin_info.size >= 2 then
pin_info = pin_info.map{ |x| x.gsub('"', '\"') }
res << "<Macro http-pkp-#{site}>"
if pin_info.size >= 2 then
pin_info = pin_info.map{ |x| x.gsub('"', '\"') }
- pin_info << "max-age=300"
+ # 60 days
+ pin_info << "max-age=5184000"
pin_str = pin_info.join("; ")
res << " Header always set Public-Key-Pins \"#{pin_str}\""
else
pin_str = pin_info.join("; ")
res << " Header always set Public-Key-Pins \"#{pin_str}\""
else
@@
-41,3
+44,5
@@
end
macros.join("\n")
-%>
end
macros.join("\n")
-%>
+
+</IfModule>