commit e59a915d528ff8dce44105a5ec573f2e001ee1e8 Author: Florian Best Date: Tue Jul 16 09:52:51 2019 +0200 Bug #49844: add HSTS to letsencrypt virtual hosts diff --git a/univention-letsencrypt/conffiles/etc/apache2/sites-available/univention-letsencrypt.conf b/univention-letsencrypt/conffiles/etc/apache2/sites-available/univention-letsencrypt.conf index 00c61a4..36e55d8 100644 --- a/univention-letsencrypt/conffiles/etc/apache2/sites-available/univention-letsencrypt.conf +++ b/univention-letsencrypt/conffiles/etc/apache2/sites-available/univention-letsencrypt.conf @@ -27,6 +27,11 @@ except AttributeError as e: domains = [] if configRegistry.is_true('letsencrypt/services/apache2'): + try: + with open('/etc/univention/templates/files/etc/apache2/sites-available/ssl.d/10hsts') as fd: + hsts = run_filter(fd.read(), configRegistry) + except IOERror: + hsts = '' for domain in domains: if domain == fqdn: continue @@ -51,12 +56,14 @@ if configRegistry.is_true('letsencrypt/services/apache2'): SSLCertificateKeyFile {key} {docker_apps_reverse_proxy} + {hsts} """.format( domain=domain, cert=cert_path, key=key_path, - docker_apps_reverse_proxy = docker_apps_reverse_proxy + docker_apps_reverse_proxy=docker_apps_reverse_proxy, + hsts=hsts, )) @!@ diff --git a/univention-letsencrypt/debian/control b/univention-letsencrypt/debian/control index fe64e36..22c46f8 100644 --- a/univention-letsencrypt/debian/control +++ b/univention-letsencrypt/debian/control @@ -10,7 +10,7 @@ Build-Depends: debhelper (>> 7), Package: univention-letsencrypt Architecture: all -Depends: python, univention-config +Depends: python, univention-config, univention-apache Recommends: apache2 Description: univention-letsencrypt - automatically request SSL certificates This package contains acme_tiny.py for semi-automatic request of SSL
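Review bot: The added `except IOERror:` in the first hunk misspells the exception name, so if the `10hsts` template cannot be opened Python raises a NameError while matching the handler and never reaches `hsts = ''`. It should read `except IOError:`. Once the fallback works, every generated virtual host is written without the HSTS snippet and nothing records that; a comment such as `# 10hsts template missing: vhosts are generated without HSTS`, or a warning on stderr, would make the downgrade visible to an operator. The enclosing `if configRegistry.is_true(...)` block starts before this hunk and continues past it.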
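Review bot: The new `univention-apache` entry in `Depends` is unversioned, while the template now reads `/etc/univention/templates/files/etc/apache2/sites-available/ssl.d/10hsts`, which is presumably shipped by that package. If that file only exists from a particular univention-apache release onward (not visible in this diff), an older installed version still satisfies the dependency and the Let's Encrypt vhosts come up without HSTS. A versioned form such as `univention-apache (>= VERSION_SHIPPING_10HSTS)` (placeholder version) would tie the package to a release that provides the snippet.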