Similar to T120486 ("Set "https_upgrade" configuration flag for domainproxy to enforce HTTPS upgrade for GET|HEAD requests") and T102367 ("Migrate tools.wmflabs.org to https only (and set HSTS)"), we should be making TLS mandatory for things hosted behind profile::wmcs::proxy::static instances.
|operations/puppet||production||+14 -4||wmcs: Force HTTPS with 366 day HSTS header with profile::wmcs::proxy::static|
|Resolved||bd808||T131288 Make Cloud Services shared HTTP proxies enforce TLS|
|Resolved||bd808||T273648 Force HTTPS and set HSTS header to 366 days for profile::wmcs::proxy::static proxies|