Similar to T120486: Set "https_upgrade" configuration flag for domainproxy to enforce HTTPS upgrade for GET|HEAD requests and T102367: Migrate tools.wmflabs.org to https only (and set HSTS), we should be making TLS mandatory for things hosted behind profile::wmcs::proxy::static instances.
Description
Description
Details
Details
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
wmcs: Force HTTPS with 366 day HSTS header with profile::wmcs::proxy::static | operations/puppet | production | +14 -4 |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | bd808 | T131288 Make Cloud Services shared HTTP proxies enforce TLS | |||
Resolved | bd808 | T273648 Force HTTPS and set HSTS header to 366 days for profile::wmcs::proxy::static proxies |
Event Timeline
Comment Actions
Change 661147 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[operations/puppet@production] wmcs: Force HTTPS with 366 day HSTS header with profile::wmcs::proxy::static
Comment Actions
Change 661147 merged by Andrew Bogott:
[operations/puppet@production] wmcs: Force HTTPS with 366 day HSTS header with profile::wmcs::proxy::static