branch master updated: hydra: berlin: Redirect HTTP to HTTPS by default.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

branch master updated: hydra: berlin: Redirect HTTP to HTTPS by default.

From:	Tobias Geerinckx-Rice
Subject:	branch master updated: hydra: berlin: Redirect HTTP to HTTPS by default.
Date:	Fri, 19 Nov 2021 10:56:05 -0500

This is an automated email from the git hooks/post-receive script.

nckx pushed a commit to branch master
in repository maintenance.

The following commit(s) were added to refs/heads/master by this push:
     new 4015696  hydra: berlin: Redirect HTTP to HTTPS by default.
4015696 is described below

commit 4015696e45c2242a2e7221c4f43231db5581bda4
Author: Tobias Geerinckx-Rice <me@tobias.gr>
AuthorDate: Tue Nov 2 16:31:36 2021 +0100

    hydra: berlin: Redirect HTTP to HTTPS by default.
    
    * hydra/nginx/berlin.scm (%berlin-servers): Add a default port-80 server
    to redirect all requests to their HTTPS counterparts.  Remove explicit
    HTTP support for guix.gnu.org and issues.guix.gnu.org.
---
 hydra/nginx/berlin.scm | 42 +++++++-----------------------------------
 1 file changed, 7 insertions(+), 35 deletions(-)

diff --git a/hydra/nginx/berlin.scm b/hydra/nginx/berlin.scm
index 4713d7b..38854e3 100644
--- a/hydra/nginx/berlin.scm
+++ b/hydra/nginx/berlin.scm
@@ -809,7 +809,13 @@ PUBLISH-URL."
 
 (define %berlin-servers
   (list
-   ;; Plain HTTP
+   ;; Redirect domains that don't explicitly support HTTP (below) to HTTPS.
+   (nginx-server-configuration
+    (listen '("80"))
+    (raw-content
+     (list "return 308 https://$host$request_uri;";)))
+
+   ;; Domains that still explicitly support plain HTTP.
    (nginx-server-configuration
     (listen '("80"))
     (server-name '("ci.guix.gnu.org"))
@@ -843,40 +849,6 @@ PUBLISH-URL."
 
    (nginx-server-configuration
     (listen '("80"))
-    (server-name '("guix.gnu.org"))
-    (root "/srv/guix.gnu.org")
-    (locations guix.gnu.org-locations)
-    (raw-content
-     (list
-      "add_header Content-Security-Policy \"frame-ancestors 'none'\";"
-
-      ;; TODO This works around NGinx using the epoch for the
-      ;; Last-Modified date, as well as the etag.
-      ;; See http://issues.guix.gnu.org/37207
-      "add_header Last-Modified \"\";"
-      "if_modified_since off;"
-      "etag off;"
-
-      "rewrite (.*)/$ $1/index.html;"
-      "access_log /var/log/nginx/guix-info.access.log;")))
-
-   (nginx-server-configuration
-    (listen '("80"))
-    (server-name '("issues.guix.gnu.org"))
-    (root "/home/rekado/mumi/")
-    (locations
-     (list (nginx-location-configuration ;certbot
-            (uri "/.well-known")
-            (body (list "root /var/www;")))
-           (nginx-location-configuration
-            (uri "/")
-            (body '("proxy_pass http://localhost:1234;";)))))
-    (raw-content
-     (list
-      "access_log /var/log/nginx/issues-guix-info.access.log;")))
-
-   (nginx-server-configuration
-    (listen '("80"))
     (server-name '("guixwl.org"
                    "www.guixwl.org"))
     (root "/home/rekado/gwl/")

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated: hydra: berlin: Redirect HTTP to HTTPS by default., Tobias Geerinckx-Rice <=

Prev by Date: 03/04: gnu: seatd: Make elogind a propagated input.
Next by Date: branch master updated (6460345 -> 256c3e7)
Previous by thread: branch core-updates-frozen updated (c00131d -> d55ed27)
Next by thread: branch master updated (6460345 -> 256c3e7)
Index(es):
- Date
- Thread