Chmarkine has uploaded a new change for review. https://gerrit.wikimedia.org/r/154368
Change subject: wikitech - use ssl_ciphersuite to add HSTS ...................................................................... wikitech - use ssl_ciphersuite to add HSTS ssl_ciphersuite can also be used to add HSTS (I9bc1104b), so use it. Change-Id: I4655ebb78b71eba5c8781c9960a25b212bd295b6 --- M manifests/role/nova.pp M templates/apache/sites/wikitech.wikimedia.org.erb 2 files changed, 1 insertion(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/68/154368/1 diff --git a/manifests/role/nova.pp b/manifests/role/nova.pp index d486361..0ab32b7 100644 --- a/manifests/role/nova.pp +++ b/manifests/role/nova.pp @@ -306,7 +306,7 @@ ca => $ca } - $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat') + $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat', '365') class { 'openstack::openstack-manager': openstack_version => $openstack_version, diff --git a/templates/apache/sites/wikitech.wikimedia.org.erb b/templates/apache/sites/wikitech.wikimedia.org.erb index a49ad9d..19b332f 100644 --- a/templates/apache/sites/wikitech.wikimedia.org.erb +++ b/templates/apache/sites/wikitech.wikimedia.org.erb @@ -45,8 +45,6 @@ SSLCACertificatePath /etc/ssl/certs/ <%= @ssl_settings.join("\n") %> - Header set Strict-Transport-Security "max-age=31536000" - RedirectMatch ^/$ https://<%= @webserver_hostname %>/wiki/ RewriteEngine on -- To view, visit https://gerrit.wikimedia.org/r/154368 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I4655ebb78b71eba5c8781c9960a25b212bd295b6 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Chmarkine <chmark...@hotmail.com> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits