Closed Erethon closed 2 months ago
Deployed and seems to be working. Thank you for sending this patch!
$ curl -I http://cache.nixos.org/
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 0
Server: Varnish
Retry-After: 0
Location: https://cache.nixos.org/
Accept-Ranges: bytes
Date: Tue, 16 Apr 2024 19:23:05 GMT
Via: 1.1 varnish
X-Served-By: cache-vie6342-VIE
X-Cache: HIT
X-Cache-Hits: 0
X-Timer: S1713295386.891547,VS0,VE0
access-control-allow-origin: *
Next step is probably making sure we have HSTS headers enabled, but that's a more dangerous step since it can't easily be rolled back. Let's revisit in a few weeks/months if nobody has yelled for this HTTP serving removal.
Deployed and seems to be working. Thank you for sending this patch!
$ curl -I http://cache.nixos.org/ HTTP/1.1 301 Moved Permanently Connection: close Content-Length: 0 Server: Varnish Retry-After: 0 Location: https://cache.nixos.org/ Accept-Ranges: bytes Date: Tue, 16 Apr 2024 19:23:05 GMT Via: 1.1 varnish X-Served-By: cache-vie6342-VIE X-Cache: HIT X-Cache-Hits: 0 X-Timer: S1713295386.891547,VS0,VE0 access-control-allow-origin: *
Can confirm it works, thank you for the quick review!
Opening this after some discussion in the Matrix Infra channel.
(cache|channels|tarballs|releases).nixos.org currently don't redirect http to https and are available under http. I believe the changes in this PR will make Fastly redirect http to https, but I have no way to test this, this assumption is based on the docs of the Terraform provider.