BBlack has submitted this change and it was merged. Change subject: transparency: make it HTTPS only and enable HSTS ......................................................................
transparency: make it HTTPS only and enable HSTS Make https://transparency.wikimedia.org/ HTTPS only, and enable HSTS with max-age=7 days. I also deleted the unused 404 code. Bug: T40516 Change-Id: I14f5cf359c9754c3f7359827b34859aa41d5ac76 --- M manifests/role/transparency.pp M templates/apache/sites/transparency.wikimedia.org.erb 2 files changed, 6 insertions(+), 6 deletions(-) Approvals: BBlack: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/transparency.pp b/manifests/role/transparency.pp index 77dd7f3..9b177b9 100644 --- a/manifests/role/transparency.pp +++ b/manifests/role/transparency.pp @@ -6,6 +6,7 @@ class role::transparency { include ::apache include ::apache::mod::rewrite + include ::apache::mod::headers $repo_dir = '/srv/org/wikimedia/TransparencyReport' $docroot = "${repo_dir}/build" diff --git a/templates/apache/sites/transparency.wikimedia.org.erb b/templates/apache/sites/transparency.wikimedia.org.erb index 82f9393..44abf7c 100644 --- a/templates/apache/sites/transparency.wikimedia.org.erb +++ b/templates/apache/sites/transparency.wikimedia.org.erb @@ -1,5 +1,5 @@ # vim:ft=apache: ts=4 sw=4 -# Apache configuration for <http://transparency.wikimedia.org> +# Apache configuration for <https://transparency.wikimedia.org> # This file is managed by Puppet. <VirtualHost *:80> ServerName transparency.wikimedia.org @@ -15,10 +15,9 @@ allow from all </Directory> - # Serve 404s for all requests until the launch, at 2014-Aug-06 08:30 UTC. - # This code can be removed any time after that. --OL RewriteEngine on - RewriteCond %{ENV:REDIRECT_STATUS} !=404 - RewriteCond %{TIME} <<%= Time.utc(2014, 'Aug', 6, 8, 30).strftime('%Y%m%d%H%M%S') %> - RewriteRule .* - [L,R=404] + RewriteCond %{HTTP:X-Forwarded-Proto} !https + RewriteRule ^/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,E=ProtoRedirect] + Header always merge Vary X-Forwarded-Proto env=ProtoRedirect + Header always set Strict-Transport-Security "max-age=604800" </VirtualHost> -- To view, visit https://gerrit.wikimedia.org/r/199517 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I14f5cf359c9754c3f7359827b34859aa41d5ac76 Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Chmarkine <chmark...@hotmail.com> Gerrit-Reviewer: BBlack <bbl...@wikimedia.org> Gerrit-Reviewer: JanZerebecki <jan.wikime...@zerebecki.de> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits