Page MenuHomePhabricator
Create Task
Maniphest T273651

Force HTTPS and set HSTS header to 366 days for profile::toolforge::static proxies
Closed, ResolvedPublic
Actions

Description

Similar to T120486: Set "https_upgrade" configuration flag for domainproxy to enforce HTTPS upgrade for GET|HEAD requests and T102367: Migrate tools.wmflabs.org to https only (and set HSTS), we should be making TLS mandatory for things hosted behind profile::toolforge::static instances.

Details

SubjectRepoBranchLines +/-
toolforge: Force HTTPS with 366 day HSTS header in profile::toolforge::staticoperations/puppetproduction+12 -8
Customize query in gerrit

Related Objects
Search...

Event Timeline

bd808 created this task.Feb 2 2021, 5:19 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 2 2021, 5:19 PM
bd808 added a parent task: T131288: Make Cloud Services shared HTTP proxies enforce TLS.Feb 2 2021, 5:19 PM
gerritbot added a comment.Feb 2 2021, 5:29 PM

Change 661153 had a related patch set uploaded (by BryanDavis; owner: Bryan Davis):
[operations/puppet@production] toolforge: Force HTTPS with 366 day HSTS header in profile::toolforge::static

https://gerrit.wikimedia.org/r/661153

gerritbot added a project: Patch-For-Review.Feb 2 2021, 5:29 PM
bd808 claimed this task.Feb 2 2021, 6:06 PM
bd808 triaged this task as Medium priority.
bd808 mentioned this in T131288: Make Cloud Services shared HTTP proxies enforce TLS.
bd808 moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.
Restricted Application added a project: User-bd808. · View Herald TranscriptFeb 2 2021, 6:07 PM
gerritbot added a comment.Feb 2 2021, 6:51 PM

Change 661153 merged by Andrew Bogott:
[operations/puppet@production] toolforge: Force HTTPS with 366 day HSTS header in profile::toolforge::static

https://gerrit.wikimedia.org/r/661153

Maintenance_bot removed a project: Patch-For-Review.Feb 2 2021, 7:10 PM
bd808 closed this task as Resolved.May 3 2021, 5:08 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL