Chmarkine has uploaded a new change for review.
https://gerrit.wikimedia.org/r/154368
Change subject: wikitech - use ssl_ciphersuite to add HSTS
......................................................................
wikitech - use ssl_ciphersuite to add HSTS
ssl_ciphersuite can also be used to add HSTS (I9bc1104b), so use it.
Change-Id: I4655ebb78b71eba5c8781c9960a25b212bd295b6
---
M manifests/role/nova.pp
M templates/apache/sites/wikitech.wikimedia.org.erb
2 files changed, 1 insertion(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/68/154368/1
diff --git a/manifests/role/nova.pp b/manifests/role/nova.pp
index d486361..0ab32b7 100644
--- a/manifests/role/nova.pp
+++ b/manifests/role/nova.pp
@@ -306,7 +306,7 @@
ca => $ca
}
- $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
+ $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat', '365')
class { 'openstack::openstack-manager':
openstack_version => $openstack_version,
diff --git a/templates/apache/sites/wikitech.wikimedia.org.erb
b/templates/apache/sites/wikitech.wikimedia.org.erb
index a49ad9d..19b332f 100644
--- a/templates/apache/sites/wikitech.wikimedia.org.erb
+++ b/templates/apache/sites/wikitech.wikimedia.org.erb
@@ -45,8 +45,6 @@
SSLCACertificatePath /etc/ssl/certs/
<%= @ssl_settings.join("\n") %>
- Header set Strict-Transport-Security "max-age=31536000"
-
RedirectMatch ^/$ https://<%= @webserver_hostname %>/wiki/
RewriteEngine on
--
To view, visit https://gerrit.wikimedia.org/r/154368
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I4655ebb78b71eba5c8781c9960a25b212bd295b6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Chmarkine <chmark...@hotmail.com>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
