From 7316b208cc22d430f2d6071b5d732d83007961ff Mon Sep 17 00:00:00 2001
From: =?utf8?q?Oliver=20B=C3=B6ttcher?= <oliver.boettcher@pixelpark.com>
Date: Wed, 22 Mar 2017 15:52:13 +0100
Subject: [PATCH] MHK - baustellenseite

---
 .../mhk/www01-mhk-kueche-de.pixelpark.net.yaml    | 13 ++++++++++++-
 .../mhk/www02-mhk-kueche-de.pixelpark.net.yaml    | 13 ++++++++++++-
 .../mhk/www03-mhk-kueche-de.pixelpark.net.yaml    | 15 +++++++++++++--
 3 files changed, 37 insertions(+), 4 deletions(-)

diff --git a/customer/mhk/www01-mhk-kueche-de.pixelpark.net.yaml b/customer/mhk/www01-mhk-kueche-de.pixelpark.net.yaml
index 3b9985ee..150624dc 100644
--- a/customer/mhk/www01-mhk-kueche-de.pixelpark.net.yaml
+++ b/customer/mhk/www01-mhk-kueche-de.pixelpark.net.yaml
@@ -32,7 +32,18 @@ site::profile::apache::pp_vhosts:
         rewrite_cond:
           - '%%{ich-trickse}{HTTP_HOST} !^kueche.de$ [NC]'
         rewrite_rule:
-          - '^(.*)$ http://kueche.de [R=301,L]'
+          - '^(.*)$ http://kueche.de$1 [R=301,L]'
+      - to_ssl:
+        comment: 'all to https'
+        rewrite_cond:
+          - '%%{ich-trickse}{HTTP:HTTPS} !=on [NC]'
+        rewrite_rule:
+          - '^(.*)$ https://kueche.de$1 [R=301,L]'
+    headers:
+      - 'set X-Frame-Options: sameorigin'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set Strict-Transport-Security: max-age=31536000 env=HTTPS'
   www:
     docroot: '/var/www/mhk'
     servername: www-kueche-de.pixelpark.net
diff --git a/customer/mhk/www02-mhk-kueche-de.pixelpark.net.yaml b/customer/mhk/www02-mhk-kueche-de.pixelpark.net.yaml
index 7e7d37e1..272649bc 100644
--- a/customer/mhk/www02-mhk-kueche-de.pixelpark.net.yaml
+++ b/customer/mhk/www02-mhk-kueche-de.pixelpark.net.yaml
@@ -32,7 +32,18 @@ site::profile::apache::pp_vhosts:
         rewrite_cond:
           - '%%{ich-trickse}{HTTP_HOST} !^kueche.de$ [NC]'
         rewrite_rule:
-          - '^(.*)$ http://kueche.de [R=301,L]'
+          - '^(.*)$ http://kueche.de$1 [R=301,L]'
+      - to_ssl:
+        comment: 'all to https'
+        rewrite_cond:
+          - '%%{ich-trickse}{HTTP:HTTPS} !=on [NC]'
+        rewrite_rule:
+          - '^(.*)$ https://kueche.de$1 [R=301,L]'
+    headers:
+      - 'set X-Frame-Options: sameorigin'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set Strict-Transport-Security: max-age=31536000 env=HTTPS'
   www:
     docroot: '/var/www/mhk'
     servername: www-kueche-de.pixelpark.net
diff --git a/customer/mhk/www03-mhk-kueche-de.pixelpark.net.yaml b/customer/mhk/www03-mhk-kueche-de.pixelpark.net.yaml
index 1dac6b2f..09fcefd7 100644
--- a/customer/mhk/www03-mhk-kueche-de.pixelpark.net.yaml
+++ b/customer/mhk/www03-mhk-kueche-de.pixelpark.net.yaml
@@ -26,13 +26,24 @@ site::profile::apache::pp_vhosts:
     ssl: false
     setenvif:
       - 'HTTPS on HTTPS=on'
+    access_log_format: remote_combined
     rewrites:
       - nonwww:
         rewrite_cond:
           - '%%{ich-trickse}{HTTP_HOST} !^kueche.de$ [NC]'
         rewrite_rule:
-          - '^(.*)$ http://kueche.de [R=301,L]'
-    access_log_format: remote_combined
+          - '^(.*)$ http://kueche.de$1 [R=301,L]'
+      - to_ssl:
+        comment: 'all to https'
+        rewrite_cond:
+          - '%%{ich-trickse}{HTTP:HTTPS} !=on [NC]'
+        rewrite_rule:
+          - '^(.*)$ https://kueche.de$1 [R=301,L]'
+    headers:
+      - 'set X-Frame-Options: sameorigin'
+      - 'set X-XSS-Protection: "1; mode=block"'
+      - 'set X-Content-Type-Options: nosniff'
+      - 'set Strict-Transport-Security: max-age=31536000 env=HTTPS'
   www:
     docroot: '/var/www/mhk'
     servername: www-kueche-de.pixelpark.net
-- 
2.39.5