Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 584356

Summary: dev.gentoo.org web server should enable HSTS & automatic http->https redirection
Product: Gentoo Infrastructure Reporter: SpanKY <vapier>
Component: Dev box issuesAssignee: Gentoo Infrastructure <infra-bugs>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=803926
Whiteboard:
Package list:
Runtime testing required: ---

Description SpanKY gentoo-dev 2016-05-27 19:08:02 UTC 
we've got the certs, so we should staple down dev.gentoo.org to always use https
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2016-05-27 19:51:18 UTC 
Ya, hsts is good, just make sure that hpkp isn't enabled as it's takes a lot more care.

https://community.letsencrypt.org/t/hpkp-best-practices-if-you-choose-to-implement/4625
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-16 00:37:16 UTC 
This looks complete:

$ curl -IL http://dev.gentoo.org
HTTP/1.1 301 Moved Permanently
Date: Thu, 16 Jun 2022 00:36:34 GMT
Server: Apache
Permissions-Policy: interest-cohort=()
Referrer-Policy: strict-origin-when-cross-origin
Location: https://dev.gentoo.org/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Thu, 16 Jun 2022 00:36:34 GMT
Server: Apache
Location: https://www.gentoo.org
Content-Type: text/html; charset=iso-8859-1

HTTP/2 200
server: nginx
content-type: text/html
last-modified: Thu, 16 Jun 2022 00:31:12 GMT
etag: "62aa79d0-5aa2"
strict-transport-security: max-age=31536000
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
accept-ranges: bytes
date: Thu, 16 Jun 2022 00:36:35 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-sjc10033-SJC
x-cache: MISS
x-cache-hits: 0
x-timer: S1655339795.130308,VS0,VE705
vary: Accept-Encoding
content-length: 23202