Yuvipanda has uploaded a new change for review.
https://gerrit.wikimedia.org/r/188015
Change subject: dumps: Strengthen ssl settings
......................................................................
dumps: Strengthen ssl settings
Bug: T74072
Change-Id: I7529dd81d7084bd5dd60ab99ee155c5b88c916a7
---
M modules/dumps/files/nginx.dumps.conf
M modules/dumps/manifests/init.pp
2 files changed, 5 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/15/188015/1
diff --git a/modules/dumps/files/nginx.dumps.conf
b/modules/dumps/files/nginx.dumps.conf
index 8c8fbbb..113222e 100644
--- a/modules/dumps/files/nginx.dumps.conf
+++ b/modules/dumps/files/nginx.dumps.conf
@@ -8,6 +8,8 @@
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
+ <%= @ssl_settings.join("\n") %>
+
root /data/xmldatadumps/public;
location / {
diff --git a/modules/dumps/manifests/init.pp b/modules/dumps/manifests/init.pp
index ad8e99a..7b7208b 100644
--- a/modules/dumps/manifests/init.pp
+++ b/modules/dumps/manifests/init.pp
@@ -2,6 +2,9 @@
install_certificate{ 'dumps.wikimedia.org': ca => 'RapidSSL_CA.pem' }
include ::nginx
+
+ $ssl_settings = ssl_ciphersuite('nginx', 'compat')
+
nginx::site { 'dumps':
source => 'puppet:///modules/dumps/nginx.dumps.conf',
notify => Service['nginx'],
--
To view, visit https://gerrit.wikimedia.org/r/188015
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I7529dd81d7084bd5dd60ab99ee155c5b88c916a7
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
