Add hsts and redirect to https for keys. Ticket 4960

Kevin Fenzi 2015-12-01 17:58:02 +00:00
parent 53f7d90e77
commit a73d331bbf


@ -40,11 +40,13 @@ NameVirtualHost *:443
<VirtualHost *:80> <VirtualHost *:80>
ServerAdmin sysadmin-keys-members@fedoraproject.org ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName keys.fedoraproject.org ServerName keys.fedoraproject.org
ProxyPass / http://127.0.0.1:11371/ RewriteEngine On
ProxyPassReverse / http://127.0.0.1:11371/ RewriteCond %{HTTPS} off
SetEnv proxy-nokeepalive 1 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
ProxyVia Full # Set HSTS header via HTTP since it cannot be easily set in squid, which terminates HTTPS
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
</VirtualHost> </VirtualHost>
<VirtualHost *:443> <VirtualHost *:443>
ServerAdmin sysadmin-keys-members@fedoraproject.org ServerAdmin sysadmin-keys-members@fedoraproject.org
ServerName keys.fedoraproject.org ServerName keys.fedoraproject.org
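
Review bot: The Strict-Transport-Security header is added inside the `<VirtualHost *:80>` block, and browsers ignore HSTS received over plain HTTP (RFC 6797, section 8.1), so it only takes effect if it also reaches clients on the HTTPS responses. The comment says squid terminates HTTPS. If squid forwards those decrypted requests to this vhost, `%{HTTPS}` is off for them too and the new rule would redirect them again, so please confirm which vhost serves the proxied HTTPS traffic and set the header there. On the rule itself, `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]` has no `R` flag, so the absolute URL yields an implicit 302. `[R=301,NE,L]` would make the redirect permanent and stop further rewriting. `Header always set` is also safer than `add`, which can emit the header twice if another layer already sets it. Finally, `includeSubDomains; preload` on keys.fedoraproject.org deserves a sentence in the commit message on whether preload submission is actually intended.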