From b4db8eb74d7536086da9bcb11d7a74d45d9432cb Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sat, 4 Jul 2020 14:23:29 -0500
Subject: [PATCH] roles/homeassistant: Add HTTPS redirect

Enforce HTTPS access to Home Assistant web UI using a redirect and HSTS.
---
 roles/homeassistant/templates/homeassistant.httpd.conf.j2 | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/roles/homeassistant/templates/homeassistant.httpd.conf.j2 b/roles/homeassistant/templates/homeassistant.httpd.conf.j2
index 03fc35e..a0166f4 100644
--- a/roles/homeassistant/templates/homeassistant.httpd.conf.j2
+++ b/roles/homeassistant/templates/homeassistant.httpd.conf.j2
@@ -7,7 +7,13 @@ ProxyPass / http://localhost:8123/
 ProxyPassReverse / http://localhost:8123/
 
 RewriteEngine on
+RewriteCond %{HTTPS} !on
+RewriteRule /.* https://%{SERVER_NAME}$0 [R=301,L]
+
 RewriteCond %{HTTP:Upgrade} =websocket [NC]
 RewriteRule /(.*)  ws://localhost:8123/$1 [P,L]
 RewriteCond %{HTTP:Upgrade} !=websocket [NC]
 RewriteRule /(.*)  http://localhost:8123/$1 [P,L]
+
+Header always set \
+	Strict-Transport-Security "max-age=63072000; includeSubDomains"