Chmarkine has uploaded a new change for review. https://gerrit.wikimedia.org/r/199515
Change subject: noc - redirect HTTP to HTTPS; enable HSTS 7 days ...................................................................... noc - redirect HTTP to HTTPS; enable HSTS 7 days Make https://noc.wikimedia.org HTTPS only, and enable HSTS with max-age=7 days. Change-Id: Ie3706dd85c6f796f8ff55c3ea95461c963cc2f26 --- M modules/noc/templates/noc.wikimedia.org.erb 1 file changed, 5 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/15/199515/1 diff --git a/modules/noc/templates/noc.wikimedia.org.erb b/modules/noc/templates/noc.wikimedia.org.erb index a2abe28..5120070 100644 --- a/modules/noc/templates/noc.wikimedia.org.erb +++ b/modules/noc/templates/noc.wikimedia.org.erb @@ -15,6 +15,11 @@ RewriteRule ^/~(.+) https://people.wikimedia.org/~$1 [R=301,L] RewriteRule ^/dbtree(.*)$ https://dbtree.wikimedia.org [R=301,L] + RewriteCond %{HTTP:X-Forwarded-Proto} !https + RewriteRule ^/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,E=ProtoRedirect] + Header always merge Vary X-Forwarded-Proto env=ProtoRedirect + Header always set Strict-Transport-Security "max-age=604800" + ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, -- To view, visit https://gerrit.wikimedia.org/r/199515 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie3706dd85c6f796f8ff55c3ea95461c963cc2f26 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Chmarkine <chmark...@hotmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
