HomePhabricator

Remove TLS bits from internal sites behind cache_misc
185bb1850ac3Unpublished

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.
This commit no longer exists in the repository. It may have been part of a branch which was deleted.This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Description

Remove TLS bits from internal sites behind cache_misc

All of these services live behind cache_misc, which
unconditionally provides and enforces standardized HTTPS and HSTS.
Getting rid of the redundant redirect/HSTS code in them makes it
simpler to audit the puppet repo for functional TLS-related
configuration on actual directly-public sites with less confusion.

One could make the argument that these role/sites could eventually
be re-used for a direct service, but if so the configuration would
be completely different. What they do today (port 80 vhost with
!XFP->redir, +HSTS) does not make sense for a directly-public
site, which would instead have port 80 vhost with unconditional
redir and a port 443 vhost with +HSTS.

Bug: T132685
Change-Id: I01f49496a73dd30c2e7ad42e94390779b82dbe65

Details

Provenance
BBlackAuthored on Jun 6 2016, 1:51 PM
ChangeId
I01f49496a73dd30c2e7ad42e94390779b82dbe65

Commit No Longer Exists

This commit no longer exists in the repository.