[MediaWiki-commits] [Gerrit] transparency: make it HTTPS only and enable HSTS - change (operations/puppet)
BBlack has submitted this change and it was merged. Change subject: transparency: make it HTTPS only and enable HSTS .. transparency: make it HTTPS only and enable HSTS Make https://transparency.wikimedia.org/ HTTPS only, and enable HSTS with max-age=7 days. I also deleted the unused 404 code. Bug: T40516 Change-Id: I14f5cf359c9754c3f7359827b34859aa41d5ac76 --- M manifests/role/transparency.pp M templates/apache/sites/transparency.wikimedia.org.erb 2 files changed, 6 insertions(+), 6 deletions(-) Approvals: BBlack: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/transparency.pp b/manifests/role/transparency.pp index 77dd7f3..9b177b9 100644 --- a/manifests/role/transparency.pp +++ b/manifests/role/transparency.pp @@ -6,6 +6,7 @@ class role::transparency { include ::apache include ::apache::mod::rewrite +include ::apache::mod::headers $repo_dir = '/srv/org/wikimedia/TransparencyReport' $docroot = ${repo_dir}/build diff --git a/templates/apache/sites/transparency.wikimedia.org.erb b/templates/apache/sites/transparency.wikimedia.org.erb index 82f9393..44abf7c 100644 --- a/templates/apache/sites/transparency.wikimedia.org.erb +++ b/templates/apache/sites/transparency.wikimedia.org.erb @@ -1,5 +1,5 @@ # vim:ft=apache: ts=4 sw=4 -# Apache configuration for http://transparency.wikimedia.org +# Apache configuration for https://transparency.wikimedia.org # This file is managed by Puppet. VirtualHost *:80 ServerName transparency.wikimedia.org 
@@ -15,10 +15,9 @@ allow from all /Directory -# Serve 404s for all requests until the launch, at 2014-Aug-06 08:30 UTC. -# This code can be removed any time after that. --OL RewriteEngine on -RewriteCond %{ENV:REDIRECT_STATUS} !=404 -RewriteCond %{TIME} %= Time.utc(2014, 'Aug', 6, 8, 30).strftime('%Y%m%d%H%M%S') % -RewriteRule .* - [L,R=404] +RewriteCond %{HTTP:X-Forwarded-Proto} !https +RewriteRule ^/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,E=ProtoRedirect] +Header always merge Vary X-Forwarded-Proto env=ProtoRedirect +Header always set Strict-Transport-Security max-age=604800 /VirtualHost -- To view, visit https://gerrit.wikimedia.org/r/199517 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I14f5cf359c9754c3f7359827b34859aa41d5ac76 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Chmarkine chmark...@hotmail.com Gerrit-Reviewer: BBlack bbl...@wikimedia.org Gerrit-Reviewer: JanZerebecki jan.wikime...@zerebecki.de Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
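Review bot: In the first hunk of templates/apache/sites/transparency.wikimedia.org.erb, the header comment now says https://transparency.wikimedia.org while the vhost directly below it is still `VirtualHost *:80`, which will confuse the next reader. Add a comment line stating that this vhost serves plain HTTP behind a front end that handles HTTPS and sets X-Forwarded-Proto, since the redirect added further down depends on that header being present and trustworthy.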
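Review bot: In the last hunk, the new RewriteRule builds the redirect target from `%{HTTP_HOST}`, so the Location header echoes whatever Host value the client sent instead of the site's canonical name. The vhost already declares `ServerName transparency.wikimedia.org`, so I would hard-code it: `RewriteRule ^ https://transparency.wikimedia.org%{REQUEST_URI} [R=301,E=ProtoRedirect]`. That also drops the `(.*)` capture, which the substitution never uses.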
[MediaWiki-commits] [Gerrit] transparency: make it HTTPS only and enable HSTS - change (operations/puppet)
Chmarkine has uploaded a new change for review. https://gerrit.wikimedia.org/r/199517 Change subject: transparency: make it HTTPS only and enable HSTS .. transparency: make it HTTPS only and enable HSTS Make https://transparency.wikimedia.org/ HTTPS only, and enable HSTS with max-age=7 days. I also deleted the unused 404 code. Bug: T40516 Change-Id: I14f5cf359c9754c3f7359827b34859aa41d5ac76 --- M manifests/role/transparency.pp M templates/apache/sites/transparency.wikimedia.org.erb 2 files changed, 6 insertions(+), 6 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/17/199517/1 diff --git a/manifests/role/transparency.pp b/manifests/role/transparency.pp index 77dd7f3..9b177b9 100644 --- a/manifests/role/transparency.pp +++ b/manifests/role/transparency.pp @@ -6,6 +6,7 @@ class role::transparency { include ::apache include ::apache::mod::rewrite +include ::apache::mod::headers $repo_dir = '/srv/org/wikimedia/TransparencyReport' $docroot = ${repo_dir}/build diff --git a/templates/apache/sites/transparency.wikimedia.org.erb b/templates/apache/sites/transparency.wikimedia.org.erb index 82f9393..44abf7c 100644 --- a/templates/apache/sites/transparency.wikimedia.org.erb +++ b/templates/apache/sites/transparency.wikimedia.org.erb @@ -1,5 +1,5 @@ # vim:ft=apache: ts=4 sw=4 -# Apache configuration for http://transparency.wikimedia.org +# Apache configuration for https://transparency.wikimedia.org # This file is managed by Puppet. VirtualHost *:80 ServerName transparency.wikimedia.org 
@@ -15,10 +15,9 @@ allow from all /Directory -# Serve 404s for all requests until the launch, at 2014-Aug-06 08:30 UTC. -# This code can be removed any time after that. --OL RewriteEngine on -RewriteCond %{ENV:REDIRECT_STATUS} !=404 -RewriteCond %{TIME} %= Time.utc(2014, 'Aug', 6, 8, 30).strftime('%Y%m%d%H%M%S') % -RewriteRule .* - [L,R=404] +RewriteCond %{HTTP:X-Forwarded-Proto} !https +RewriteRule ^/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,E=ProtoRedirect] +Header always merge Vary X-Forwarded-Proto env=ProtoRedirect +Header always set Strict-Transport-Security max-age=604800 /VirtualHost -- To view, visit https://gerrit.wikimedia.org/r/199517 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I14f5cf359c9754c3f7359827b34859aa41d5ac76 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Chmarkine chmark...@hotmail.com ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
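Review bot: In the last hunk, `RewriteCond %{HTTP:X-Forwarded-Proto} !https` is a negated regex match, not an equality test, so any header value that merely contains "https" (a comma-separated list, for example) suppresses the redirect. Use the string comparison form `!=https` so only the exact value counts as secure. Separately, `Header always set Strict-Transport-Security max-age=604800` is also sent on the plain-HTTP 301, where browsers ignore it; since ProtoRedirect is already set on that path, `env=!ProtoRedirect` on the header line would limit it to responses for requests that arrived over HTTPS.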