From ff252cea44b7bc843f545f256c2c3b6d7c2f912c Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 17 Sep 2025 10:15:32 -0700 Subject: [PATCH] I can't off hand think of why this would break anything, but do let me know if you think it will. Before we merge this, we will need to adjust things in mirrormanager to not provide http links most likely (although I suppose the redirects will work for http clients). Signed-off-by: Kevin Fenzi kevin@scrye.com --- playbooks/groups/secondary.yml | 1 + roles/download/templates/httpd/dl.fedoraproject.org.conf | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/playbooks/groups/secondary.yml b/playbooks/groups/secondary.yml index bfed62151a..6a279baacd 100644 --- a/playbooks/groups/secondary.yml +++ b/playbooks/groups/secondary.yml @@ -48,6 +48,7 @@ vars: - site_name: secondary.fedoraproject.org - cert_name: "{{wildcard_cert_name}}" + - sslonly: true server_aliases: - archive.fedoraproject.org - archives.fedoraproject.org diff --git a/roles/download/templates/httpd/dl.fedoraproject.org.conf b/roles/download/templates/httpd/dl.fedoraproject.org.conf index 6346cc96f9..c55c9bd037 100644 --- a/roles/download/templates/httpd/dl.fedoraproject.org.conf +++ b/roles/download/templates/httpd/dl.fedoraproject.org.conf @@ -3,7 +3,12 @@ ServerAlias archive.fedoraproject.org archives.fedoraproject.org secondary.fedoraproject.org download-ib01.fedoraproject.org download-cc-rdu01.fedoraproject.org ServerAdmin webmaster@fedoraproject.org TraceEnable Off - + # + # redirect everyone to use https + # + RewriteEngine on + RewriteCond %{SERVER_PORT} !^443$ + RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R] Include "conf.d/dl.fedoraproject.org/*.conf"