From 9a31f4f4e0db8d590d410544ca5554ff1765fa77 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Mon, 24 Mar 2025 10:04:38 -0700 Subject: [PATCH] download: drop http only dl/secondary/archive and redirect to https I can't off hand think of why this would break anything, but do let me know if you think it will. Before we merge this, we will need to adjust things in mirrormanager to not provide http links most likely (although I suppose the redirects will work for http clients). Signed-off-by: Kevin Fenzi --- playbooks/groups/secondary.yml | 1 + roles/download/templates/httpd/dl.fedoraproject.org.conf | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml index d12b8ab02c..387d9b67dd 100644 --- a/playbooks/groups/secondary.yml +++ b/playbooks/groups/secondary.yml @@ -47,6 +47,7 @@ vars: - site_name: secondary.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" + - sslonly: true server_aliases: - archive.fedoraproject.org - archives.fedoraproject.org diff --git a/roles/download/templates/httpd/dl.fedoraproject.org.conf b/roles/download/templates/httpd/dl.fedoraproject.org.conf index 6346cc96f9..bb6ff1e410 100644 --- a/roles/download/templates/httpd/dl.fedoraproject.org.conf +++ b/roles/download/templates/httpd/dl.fedoraproject.org.conf @@ -4,6 +4,12 @@ ServerAdmin webmaster@fedoraproject.org TraceEnable Off + # + # redirect everyone to use https + # + RewriteEngine on + RewriteCond %{SERVER_PORT} !^443$ + RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R] Include "conf.d/dl.fedoraproject.org/*.conf" -- 2.49.0