opendev
/
system-config
Code Issues Proposed changes
system-config/playbooks/roles
History
Jeremy Stanley 49643313d7 Redirect all Mailman sites from HTTP to HTTPS 
For the past six months, all our mailing list sites have supported
HTTPS without incident. The main downside to the current
implementation is that Mailman itself writes some URLs with an
explicit scheme, causing people submitting forms from pages served
over HTTPS to get warnings because the forms are posting to plain
HTTP URLs for the same site. In order to correct this, we need to
tell Mailman to put https:// instead of http:// into these, but
doing so essentially eliminates any reason for us to continue
serving content over plain HTTP anyway.

Configure the default URL scheme of all our Mailman sites to use
HTTPS now, and set up permanent redirects from HTTP to HTTPS, per
the examples in the project's documentation:

https://wiki.list.org/DOC/4.27%20Securing%20Mailman%27s%20web%20GUI%20by%20using%20Secure%20HTTP-SSL%20%28HTTPS%29

Also update our testinfra functions to validate the blanket
redirects and perform all other testing over HTTPS.

Once this merges, the fix_url script will need to be run manually
against all lists for the current sites, as noted in that document.

Change-Id: I366bc915685fb47ef723f29d16211a2550e02e34
 		2022-07-01 19:16:00 +00:00
..
accessbot Update accessbot config to use OFTC 2021-05-28 18:37:33 +00:00
afs-release Serve meetings.opendev.org 2021-06-02 13:56:19 +10:00
afsmon afsmon: install python3-pip 2020-02-12 16:39:11 +11:00
apache-ua-filter Block restricted user agents for the tarballs site 2020-10-16 17:45:12 +00:00
base Merge "Remove open-vm-tools from servers" 2022-05-04 06:40:45 +00:00
borg-backup Borg ignore ansible tmp files 2022-05-05 08:36:20 -07:00
borg-backup-server borg-backup: skip .checkpoint archives 2021-11-03 12:39:10 +11:00
codesearch codesearch: Add robots.txt 2020-11-20 19:13:32 +11:00
configure-kubectl Configure .kube/config on bridge 2019-02-06 15:43:19 -08:00
configure-openstacksdk Add inmotion cloud to cloud launcher 2021-04-21 11:18:40 -07:00
disable-puppet-agent Stop running mcollective 2020-05-05 15:00:04 -05:00
dstat-logger dstat-logger: redirect stdout to /dev/null 2021-03-24 22:23:13 +00:00
edit-secrets-script Add edit-secrets script to bridge.o.o 2019-02-27 08:45:11 -08:00
etherpad Merge "etherpad: remove session key" 2022-05-04 06:27:45 +00:00
gerrit Merge "gerrit: Update to 3.5 for production" 2022-06-19 21:40:27 +00:00
gerritbot Run gerritbot with a user that will be shared with matrix-gerritbot 2021-11-05 11:24:05 -07:00
gitea Upgrade Gitea to 1.16.6 2022-04-20 16:47:02 -07:00
gitea-git-repos gitea: set custom avatars for orgs 2022-03-18 11:06:09 +11:00
gitea-lb gitea-haproxy: issue liveness check to HEAD / 2022-03-08 09:46:59 +11:00
gitea-set-org-logos Merge "gitea-set-org-logos: openstack logo centered" 2022-05-13 01:26:43 +00:00
grafana grafana: proxy websockets 2022-03-10 12:49:56 +11:00
graphite graphite: fix xFilesFactor 2022-06-28 18:41:17 +10:00
haproxy Reload haproxy when its config updates 2022-02-16 15:30:01 -08:00
import-gpg-key reprepro: convert to Ansible 2020-10-19 14:06:57 +11:00
install-ansible Remove configuration management for ELK stack 2022-04-18 10:04:06 -07:00
install-ansible-roles puppet: don't run module install steps multiple times 2020-09-03 09:23:05 +10:00
install-apt-repo Vendor the apt repo gpg keys used for Zuul 2020-05-20 13:17:09 -07:00
install-borg borg-backup: add fuse 2020-11-05 11:56:46 +11:00
install-certcheck Generate ssl check list directly from letsencrypt variables 2020-05-20 14:27:14 +10:00
install-docker install-docker: install build-essential for cffi on Xenial 2021-07-12 14:49:17 +10:00
install-kubectl Remove snap cleanup tasks 2020-04-16 12:45:36 -05:00
install-osc-container Use openstackclient from container 2020-04-23 07:46:28 -05:00
install-podman Run a gerrit container on review-dev01 2019-10-29 08:29:17 +09:00
iptables Block outbound SMTP connections from test jobs 2021-12-09 18:46:38 +00:00
jitsi-meet Fix meetpad audio mute setting 2022-01-19 11:00:12 -08:00
kerberos-kdc Merge "kerberos-kdc: quote some integers to avoid string/int confusion" 2021-03-22 22:56:26 +00:00
keycloak Pull keycloak from quay.io 2022-05-04 13:08:28 -07:00
letsencrypt-acme-sh-install Retry acme.sh cloning 2021-10-13 18:31:46 +00:00
letsencrypt-config-certcheck Generate ssl check list directly from letsencrypt variables 2020-05-20 14:27:14 +10:00
letsencrypt-create-certs Remove ethercalc config management 2022-05-30 12:57:48 -07:00
letsencrypt-install-txt-record Remove some unnecessary debug: statements 2021-05-07 11:11:56 +10:00
letsencrypt-request-certs Update letsencrypt role docs to suggest a specific order 2021-12-03 14:24:13 -08:00
limnoria Update HTML channel logs every 15 minutes 2021-06-28 14:32:35 +00:00
lodgeit Switch lodgeit to run under a dedicated user 2021-11-19 09:11:38 -08:00
logrotate reprepro: convert to Ansible 2020-10-19 14:06:57 +11:00
mailman Redirect all Mailman sites from HTTP to HTTPS 2022-07-01 19:16:00 +00:00
mailman-list Use newlist's automate option 2021-12-15 17:42:58 +00:00
mailman-site Redirect all Mailman sites from HTTP to HTTPS 2022-07-01 19:16:00 +00:00
master-nameserver Don't log the public loop on master-nameserver 2020-04-08 16:38:15 -05:00
matrix-eavesdrop Move #zuul from OFTC to Matrix 2021-08-20 14:44:44 -07:00
matrix-gerritbot Update gerritbot-matrix version to include wipness 2022-04-12 14:41:53 +00:00
mirror Override DOCTYPE in wheel cache autoindex 2022-01-30 18:54:12 +00:00
mirror-update mirror: add Fedora 36 2022-06-09 16:37:54 +10:00
nameserver nameserver: Allow master server to notify via ipv6 2020-10-28 09:26:14 +00:00
nodepool-base nodepool-base: prefer ZK IPv6 addresses 2021-04-21 16:56:07 +10:00
nodepool-base-legacy Add initial Ansible for nodepool hosts 2020-03-06 14:02:52 +11:00
nodepool-builder Run daily backups of nodepool zk image data 2021-09-16 14:12:08 -07:00
nodepool-launcher Auto update nodepool launchers 2022-06-16 08:23:17 -07:00
openafs-db-server openafs-<db|file>-server: fix role name 2021-02-10 13:49:12 +11:00
openafs-file-server openafs-<db|file>-server: fix role name 2021-02-10 13:49:12 +11:00
openafs-server-config openafs-server-config: install UserList 2021-03-30 09:49:53 +11:00
pip3 Use versioned get-pip.py URL for Ubuntu Bionic 2022-01-30 15:37:58 +00:00
ptgbot Add ptgbot serveralias for redirecting PTG site 2021-10-07 19:34:16 +00:00
puppet-run puppet: don't run module install steps multiple times 2020-09-03 09:23:05 +10:00
puppet-setup-ansible install-ansible: move install_modules.sh to puppet-setup-ansible 2020-09-03 09:28:16 +10:00
rax-dns-backup rax-dns-backup : fix cron output capture 2021-04-15 07:15:09 +10:00
refstack refstack: don't chown db directory 2021-11-05 09:39:29 +11:00
registry Adds support for running zuul-registry as a non-root user 2022-03-03 09:06:51 -08:00
reprepro Merge "Stop mirroring source packages for debian" 2022-05-13 17:04:28 +00:00
root-keys roles: Add README.rst and lint 2018-08-23 21:34:42 +10:00
run-selenium run-selenium: run selenium on a node 2021-01-18 07:58:23 -08:00
static Drop tap-as-a-service tarballs site redirect 2022-03-30 12:57:54 +00:00
statusbot statusbot: don't use opendevstatus name in testing 2021-06-11 22:59:24 +10:00
sync-project-config Stop logging the rsync of puppet 2020-04-30 16:11:42 -05:00
vos-release Add missing newline in vos_release.sudo 2019-11-21 19:08:30 +00:00
zk-ca Zookeeper: listen on plain and TLS ports 2020-06-17 10:38:59 -07:00
zookeeper Purge ZK snapshots more frequently 2021-11-08 07:34:46 -08:00
zuul Remove gearman from Zuul 2022-02-01 13:52:47 -08:00
zuul-executor Add the start of a Zuul rolling restart playbook 2022-05-25 09:48:28 -07:00
zuul-lb Do more robust checks against zuul-web with haproxy 2022-03-04 14:17:51 -08:00
zuul-merger Fix zuul merger graceful stops 2022-06-01 09:49:40 -07:00
zuul-preview Install docker-compose from pypi 2020-04-16 12:08:00 -07:00
zuul-scheduler Replace zuul cli command with zuul-admin 2022-06-10 09:14:34 +02:00
zuul-status-backup Add --fail flag to zuul status backup curl 2020-04-28 08:33:05 -05:00
zuul-user Split eavesdrop into its own playbook 2020-04-23 14:34:28 -05:00
zuul-web zuul-*: use multiline formatter 2021-12-13 14:54:16 +11:00
set-hostname Split eavesdrop into its own playbook 2020-04-23 14:34:28 -05:00