imfreedom/k8s-cluster

Add hsts headers to all the thingz

2020-09-08, Gary Kramlich
3d11aff373b0
Parents 28ba6fd6eea3
Children e3295530b5d0
Add hsts headers to all the thingz
13 files changed, 35 insertions(+), 0 deletions(-)
  • +9 -0
    40-imfreedom-middleware.yaml
  • +1 -0
    50-carrier.pidgin.im.yaml
  • +1 -0
    50-ci.imfreedom.org.yaml
  • +6 -0
    50-docs.pidgin.im.yaml
  • +1 -0
    50-gaim.pidgin.im.yaml
  • +1 -0
    50-hub.imfreedom.org.yaml
  • +1 -0
    50-imfreedom.org.yaml
  • +1 -0
    50-issues.imfreedom.org.yaml
  • +1 -0
    50-keep.imfreedom.org.yaml
  • +1 -0
    50-planet.pidgin.im.yaml
  • +10 -0
    50-reaperworld.com.yaml
  • +1 -0
    50-reviews.imfreedom.org.yaml
  • +1 -0
    50-wiki.imfreedom.org.yaml
    • --- a/40-imfreedom-middleware.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/40-imfreedom-middleware.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -20,3 +20,12 @@
    scheme: https
    permanent: true
    ---
    +apiVersion: traefik.containo.us/v1alpha1
    +kind: Middleware
    +metadata:
    + name: hsts-headers
    + namespace: imfreedom
    +spec:
    + headers:
    + stsSeconds: 31536000
    +---
    --- a/50-carrier.pidgin.im.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-carrier.pidgin.im.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -33,6 +33,7 @@
    port: 3333
    middlewares:
    - name: common-headers
    + - name: hsts-headers
    tls:
    secretName: carrier-tls
    options:
    --- a/50-ci.imfreedom.org.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-ci.imfreedom.org.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -172,6 +172,7 @@
    middlewares:
    # - name: ci-body-size
    - name: common-headers
    + - name: hsts-headers
    tls:
    secretName: ci-tls
    options:
    --- a/50-docs.pidgin.im.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-docs.pidgin.im.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -34,6 +34,7 @@
    middlewares:
    - name: docs-strip-prefix
    - name: common-headers
    + - name: hsts-headers
    - match: Host(`docs.pidgin.im`) && PathPrefix(`/gplugin/latest`)
    kind: Rule
    services:
    @@ -42,6 +43,7 @@
    middlewares:
    - name: docs-strip-prefix
    - name: common-headers
    + - name: hsts-headers
    - match: Host(`docs.pidgin.im`) && PathPrefix(`/gplugin-gtk/latest`)
    kind: Rule
    services:
    @@ -50,6 +52,7 @@
    middlewares:
    - name: docs-strip-prefix
    - name: common-headers
    + - name: hsts-headers
    - match: Host(`docs.pidgin.im`) && PathPrefix(`/libgnt/latest`)
    kind: Rule
    services:
    @@ -58,6 +61,7 @@
    middlewares:
    - name: docs-strip-prefix
    - name: common-headers
    + - name: hsts-headers
    - match: Host(`docs.pidgin.im`) && PathPrefix(`/libgnt/next`)
    kind: Rule
    services:
    @@ -66,6 +70,7 @@
    middlewares:
    - name: docs-strip-prefix
    - name: common-headers
    + - name: hsts-headers
    - match: Host(`docs.pidgin.im`) && PathPrefix(`/talkatu/latest`)
    kind: Rule
    services:
    @@ -74,6 +79,7 @@
    middlewares:
    - name: docs-strip-prefix
    - name: common-headers
    + - name: hsts-headers
    tls:
    secretName: docs-tls
    options:
    --- a/50-gaim.pidgin.im.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-gaim.pidgin.im.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -32,6 +32,7 @@
    port: 80
    middlewares:
    - name: common-headers
    + - name: hsts-headers
    tls:
    secretName: gaim-tls
    options:
    --- a/50-hub.imfreedom.org.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-hub.imfreedom.org.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -34,6 +34,7 @@
    port: 8080
    middlewares:
    - name: common-headers
    + - name: hsts-headers
    tls:
    secretName: hub-tls
    options:
    --- a/50-imfreedom.org.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-imfreedom.org.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -32,6 +32,7 @@
    port: 3000
    middlewares:
    - name: common-headers
    + - name: hsts-headers
    tls:
    secretName: imfreedom-tls
    options:
    --- a/50-issues.imfreedom.org.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-issues.imfreedom.org.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -45,6 +45,7 @@
    middlewares:
    - name: issues-body-size
    - name: common-headers
    + - name: hsts-headers
    tls:
    secretName: issues-tls
    options:
    --- a/50-keep.imfreedom.org.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-keep.imfreedom.org.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -47,6 +47,7 @@
    port: 8080
    middlewares:
    - name: common-headers
    + - name: hsts-headers
    tls:
    secretName: keep-tls
    options:
    --- a/50-planet.pidgin.im.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-planet.pidgin.im.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -27,6 +27,7 @@
    middlewares:
    - name: planet-pidgin-redirect
    - name: https-redirect
    + - name: hsts-headers
    ---
    apiVersion: traefik.containo.us/v1alpha1
    kind: IngressRoute
    --- a/50-reaperworld.com.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-reaperworld.com.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -20,6 +20,15 @@
    permanent: true
    ---
    apiVersion: traefik.containo.us/v1alpha1
    +kind: Middleware
    +metadata:
    + name: hsts-headers
    + namespace: reaperworld
    +spec:
    + headers:
    + stsSeconds: 31536000
    +---
    +apiVersion: traefik.containo.us/v1alpha1
    kind: IngressRoute
    metadata:
    name: www-http
    @@ -52,6 +61,7 @@
    port: 3000
    middlewares:
    - name: common-headers
    + - name: hsts-headers
    tls:
    secretName: www-tls
    options:
    --- a/50-reviews.imfreedom.org.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-reviews.imfreedom.org.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -33,6 +33,7 @@
    port: 8000
    middlewares:
    - name: common-headers
    + - name: hsts-headers
    tls:
    secretName: reviews-tls
    options:
    --- a/50-wiki.imfreedom.org.yaml Tue Sep 08 22:28:41 2020 -0500
    +++ b/50-wiki.imfreedom.org.yaml Tue Sep 08 22:50:33 2020 -0500
    @@ -165,6 +165,7 @@
    middlewares:
    # - name: ci-body-size
    - name: common-headers
    + - name: hsts-headers
    tls:
    secretName: wiki-tls
    options: