HomePhabricator

Remove TLS bits from internal sites behind cache_misc
185bb1850ac3Unpublished

Authored by BBlack on Jun 6 2016, 1:51 PM.

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Remove TLS bits from internal sites behind cache_misc

All of these services live behind cache_misc, which
unconditionally provides and enforces standardized HTTPS and HSTS.
Getting rid of the redundant redirect/HSTS code in them makes it
simpler to audit the puppet repo for functional TLS-related
configuration on actual directly-public sites with less confusion.

One could make the argument that these role/sites could eventually
be re-used for a direct service, but if so the configuration would
be completely different. What they do today (port 80 vhost with
!XFP->redir, +HSTS) does not make sense for a directly-public
site, which would instead have port 80 vhost with unconditional
redir and a port 443 vhost with +HSTS.

Bug: T132685
Change-Id: I01f49496a73dd30c2e7ad42e94390779b82dbe65

Details

Committed
BBlackJun 6 2016, 2:19 PM
Parents
rOPUP846085958cff: Activate more logs on postgresql for maps.
Branches
Unknown
Tags
Unknown
References
refs/changes/28/292928/1
ChangeId
I01f49496a73dd30c2e7ad42e94390779b82dbe65