Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/145491
Change subject: StrictTransportSecurity for wikitech
......................................................................
StrictTransportSecurity for wikitech
enable STS on Wikitech, just like we recently did on Bugzilla
Change-Id: If8d97284cafb72c062e74221540e5a101c7c04ba
---
M manifests/openstack.pp
M templates/apache/sites/wikitech.wikimedia.org.erb
2 files changed, 3 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/91/145491/1
diff --git a/manifests/openstack.pp b/manifests/openstack.pp
index 29229a6..088f56b 100644
--- a/manifests/openstack.pp
+++ b/manifests/openstack.pp
@@ -515,6 +515,7 @@
include ::apache::mod::rewrite
+ include ::apache::mod::headers
include backup::host
backup::set {'a-backup': }
diff --git a/templates/apache/sites/wikitech.wikimedia.org.erb
b/templates/apache/sites/wikitech.wikimedia.org.erb
index 1807806..670b974 100644
--- a/templates/apache/sites/wikitech.wikimedia.org.erb
+++ b/templates/apache/sites/wikitech.wikimedia.org.erb
@@ -47,6 +47,8 @@
SSLCertificateKeyFile /etc/ssl/private/<%= certificate %>.key
SSLCACertificatePath /etc/ssl/certs/
+ Header append Strict-Transport-Security "max-age=604800"
+
RedirectMatch ^/$ https://<%= webserver_hostname %>/wiki/
RewriteEngine on
--
To view, visit https://gerrit.wikimedia.org/r/145491
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If8d97284cafb72c062e74221540e5a101c7c04ba
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
