From 2a3493fec1d65a2cbc5936bc37a61892888fc48b Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Tue, 3 Jan 2023 23:08:44 -0500 Subject: [PATCH] lighttpd 308 redirect code from http to https github: closes #139 --- src/templates/partials/lighttpd.hbs | 40 +++++++++++++++-------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/src/templates/partials/lighttpd.hbs b/src/templates/partials/lighttpd.hbs index 8b89f334..0f5bdd98 100644 --- a/src/templates/partials/lighttpd.hbs +++ b/src/templates/partials/lighttpd.hbs @@ -6,25 +6,6 @@ #server.port = 80 $SERVER["socket"] == "[::]:80" { } -{{#if form.hsts}} -$HTTP["scheme"] == "http" { -{{#if (minver "1.4.50" form.serverVersion)}} - url.redirect = ("" => "https://${url.authority}${url.path}${qsa}") -{{else}} - $HTTP["host"] =~ ".*" { - url.redirect = (".*" => "https://%0$0") - } -{{/if}} -} - -$HTTP["scheme"] == "https" { - # HTTP Strict Transport Security ({{output.hstsMaxAge}} seconds) - setenv.add-response-header = ( - "Strict-Transport-Security" => "max-age={{output.hstsMaxAge}}" - ) -} -{{/if}} - {{#if (minver "1.4.56" form.serverVersion)}} # select one TLS module: "mod_openssl" "mod_mbedtls" "mod_gnutls" "mod_wolfssl" "mod_nss" #server.modules += ("mod_openssl") @@ -103,3 +84,24 @@ $SERVER["socket"] == ":443" { } #$SERVER["socket"] == "[::]:443" { ... } # repeat entire $SERVER["socket"] == ":443" { ... } config above for IPv6 {{/if}} + +{{#if form.hsts}} +$HTTP["scheme"] == "https" { + # HTTP Strict Transport Security ({{output.hstsMaxAge}} seconds) + setenv.add-response-header = ( + "Strict-Transport-Security" => "max-age={{output.hstsMaxAge}}" + ) +} +else $HTTP["scheme"] == "http" { + {{#if (minver "1.4.31" form.serverVersion)}} + url.redirect-code = 308 + {{/if}} + {{#if (minver "1.4.50" form.serverVersion)}} + url.redirect = ("" => "https://${url.authority}${url.path}${qsa}") + {{else}} + $HTTP["host"] =~ ".*" { + url.redirect = (".*" => "https://%0$0") + } + {{/if}} +} +{{/if}}