Set HSTS for sslonly websites in roles/httpd/reverseproxy

2026-06-14 22:36:09 +08:00 · 2015-02-12 21:41:27 +01:00
parent ee9730d6b7
commit ce8655f7d1
7 changed files with 1 additions and 12 deletions
--- a/roles/fedora-web/getfedora/files/getfedora.org.conf
+++ b/roles/fedora-web/getfedora/files/getfedora.org.conf
@@ -3,8 +3,6 @@ Alias /favicon.ico /srv/web/fedoraproject.org/static/images/favicon.ico

 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript

-Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
-
 FileETag MTime Size

 ExpiresActive On
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.bodhi.conf
@@ -4,5 +4,3 @@ Header unset Set-Cookie

 ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
 ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
-
-Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.elections.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.elections.conf
@@ -8,5 +8,3 @@ Header unset Set-Cookie

 ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
 ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
-
-Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.fas.conf
@@ -10,5 +10,3 @@ ProxyPassReverse /accounts/user/dogencert http://fas1/

 ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
 ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
-
-Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
--- a/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.id.conf
@@ -26,8 +26,6 @@ RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* {{proxyurl}}/openid/id/$1/
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]

-Header always add Strict-Transport-Security "max-age=15768000; preload"
-

 RewriteRule ^(.+) - [PT]

--- a/roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf
+++ b/roles/httpd/reverseproxy/templates/reversepassproxy.pkgdb.conf
@@ -37,5 +37,3 @@ Header unset Set-Cookie

 ProxyPass {{localpath}} {{proxyurl}}{{remotepath}}
 ProxyPassReverse {{localpath}} {{proxyurl}}{{remotepath}}
-
-Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@@ -14,6 +14,7 @@
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [NE]
+  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
 {% else %}
  Include "conf.d/{{ name }}/*.conf"
 {% endif %}