Page MenuHomePhabricator
Create Task
Maniphest T273648

Force HTTPS and set HSTS header to 366 days for profile::wmcs::proxy::static proxies
Closed, ResolvedPublic
Actions

Description

Similar to T120486: Set "https_upgrade" configuration flag for domainproxy to enforce HTTPS upgrade for GET|HEAD requests and T102367: Migrate tools.wmflabs.org to https only (and set HSTS), we should be making TLS mandatory for things hosted behind profile::wmcs::proxy::static instances.

Details

SubjectRepoBranchLines +/-
wmcs: Force HTTPS with 366 day HSTS header with profile::wmcs::proxy::staticoperations/puppetproduction+14 -4
Customize query in gerrit

Related Objects
Search...

Event Timeline

bd808 created this task.Feb 2 2021, 5:04 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 2 2021, 5:04 PM
gerritbot added a comment.Feb 2 2021, 5:10 PM

Change 661147 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[operations/puppet@production] wmcs: Force HTTPS with 366 day HSTS header with profile::wmcs::proxy::static

https://gerrit.wikimedia.org/r/661147

gerritbot added a project: Patch-For-Review.Feb 2 2021, 5:10 PM
bd808 claimed this task.Feb 2 2021, 5:14 PM
bd808 moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.
Restricted Application added a project: User-bd808. · View Herald TranscriptFeb 2 2021, 5:14 PM
bd808 added a parent task: T131288: Make Cloud Services shared HTTP proxies enforce TLS.Feb 2 2021, 5:17 PM
gerritbot added a comment.Feb 2 2021, 5:25 PM

Change 661147 merged by Andrew Bogott:
[operations/puppet@production] wmcs: Force HTTPS with 366 day HSTS header with profile::wmcs::proxy::static

https://gerrit.wikimedia.org/r/661147

bd808 closed this task as Resolved.Feb 2 2021, 6:05 PM
bd808 mentioned this in T131288: Make Cloud Services shared HTTP proxies enforce TLS.
Maintenance_bot removed a project: Patch-For-Review.Feb 2 2021, 6:10 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL