Follow the implementation of T102367: Migrate tools.wmflabs.org to https only (and set HSTS) for domainproxy (*.wmflabs.org shared proxy)
- Deploy https://gerrit.wikimedia.org/r/620122 with the POST loophole and 1 day HSTS header
- Announce the change to cloud-annouce@
- Close the POST loophole, set the HSTS header to 366 days
- Announce the change to cloud-announce@
Original task description:
"add a https-only option to dynamicproxy"
dynamicproxy (what labs projects in wmflabs.org use to have https) (module dynamicproxy in puppet),
does https and http but does not have an option yet to enforce https and proto redirect http->https
we want that for T107627 and in general for all tools using this.
also see T102367