Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Set HSTS for sslonly websites in roles/httpd/reverseproxy

Browse source
This commit is contained in:
Till Maas 2015-02-12 21:41:27 +01:00
parent ee9730d6b7
commit ce8655f7d1
7 changed files with 1 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/fedora-web/getfedora/files/getfedora.org.conf
View file

@ -3,8 +3,6 @@ Alias /favicon.ico /srv/web/fedoraproject.org/static/images/favicon.ico
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
FileETag MTime Size FileETag MTime Size
ExpiresActive On ExpiresActive On

2
roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf
View file

@ -4,5 +4,3 @@ Header unset Set-Cookie
ProxyPass {{localpath}} {{proxyurl}}{{remotepath}} ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}} ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

2
roles/httpd/reverseproxy/templates/reversepassproxy.elections.conf
View file

@ -8,5 +8,3 @@ Header unset Set-Cookie
ProxyPass {{localpath}} {{proxyurl}}{{remotepath}} ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}} ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

2
roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf
View file

@ -10,5 +10,3 @@ ProxyPassReverse /accounts/user/dogencert http://fas1/
ProxyPass {{localpath}} {{proxyurl}}{{remotepath}} ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}} ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

2
roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
View file

@ -26,8 +26,6 @@ RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/
RewriteCond %{HTTPS} off RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L] RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
Header always add Strict-Transport-Security "max-age=15768000; preload"
RewriteRule ^(.+) - [PT] RewriteRule ^(.+) - [PT]

2
roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf
View file

@ -37,5 +37,3 @@ Header unset Set-Cookie
ProxyPass {{localpath}} {{proxyurl}}{{remotepath}} ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}} ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"

1
roles/httpd/website/templates/website.conf
View file

@ -14,6 +14,7 @@
RewriteEngine On RewriteEngine On
RewriteCond %{HTTPS} off RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE] RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
{% else %} {% else %}
Include "conf.d/{{ name }}/*.conf" Include "conf.d/{{ name }}/*.conf"
{% endif %} {% endif %}