Disable HSTS for Firefox 52 to avoid issues with remote editing

[chef.git] / cookbooks / web / templates / default / apache.frontend.erb

diff --git a/cookbooks/web/templates/default/apache.frontend.erb b/cookbooks/web/templates/default/apache.frontend.erb
index 39117f4dc926a8b4319c4e8afe4d6ae455e73b87..b2bf38a2e376b6455652fb42ad7ed6209d46ce7f 100644 (file)
--- a/cookbooks/web/templates/default/apache.frontend.erb
+++ b/cookbooks/web/templates/default/apache.frontend.erb
@@ -17,6 +17,12 @@
   SSLProxyEngine on
   SSLCertificateFile /etc/ssl/certs/www.openstreetmap.org.pem
   SSLCertificateKeyFile /etc/ssl/private/www.openstreetmap.org.key
+
+  #
+  # Disable HSTS for Firefox 52 to avoid issues with remote editing
+  #
+  BrowserMatch Firefox/52 no-hsts
+  Header set Strict-Transport-Security "max-age=0" env=no-hsts
 <% end -%>
 
   #
@@ -72,7 +78,7 @@
 
   #
   # Block JOSM revisions  1722-1727 as they have a serious bug that causes
-  # lat/lon to be swapped (http://josm.openstreetmap.de/ticket/2804)
+  # lat/lon to be swapped (https://josm.openstreetmap.de/ticket/2804)
   #
   RewriteCond %{HTTP_USER_AGENT} "^JOSM/[0-9]+\.[0-9]+ \(172[234567]\)"
   RewriteRule . - [F,L]
@@ -209,14 +215,14 @@
   #
   # Redirect trac and wiki requests to the right places
   #
-  RedirectPermanent /trac/ http://trac.openstreetmap.org/
-  RedirectPermanent /wiki/ http://wiki.openstreetmap.org/
+  RedirectPermanent /trac/ https://trac.openstreetmap.org/
+  RedirectPermanent /wiki/ https://wiki.openstreetmap.org/
 
   #
   # Redirect requests for various images to the right place
   #
-  RedirectPermanent /images/osm_logo.png http://www.openstreetmap.org/assets/osm_logo.png
-  RedirectPermanent /images/cc_button.png http://www.openstreetmap.org/assets/cc_button.png
+  RedirectPermanent /images/osm_logo.png https://www.openstreetmap.org/assets/osm_logo.png
+  RedirectPermanent /images/cc_button.png https://www.openstreetmap.org/assets/cc_button.png
 
   #
   # Define a load balancer for the local backends
@@ -237,7 +243,7 @@
   #
   <Proxy balancer://ic>
     ProxySet lbmethod=bybusyness
-<% ["rails1.bm", "rails2.bm", "rails3.bm"].each do |backend| -%>
+<% ["rails1.ic", "rails2.ic", "rails3.ic"].each do |backend| -%>
 <% if port == 443 -%>
     BalancerMember https://<%= backend %> disablereuse=on
 <% else -%>
@@ -295,14 +301,17 @@
   ServerAlias www.openstreetmap.co.uk
 
   RedirectPermanent /events.ics http://calendar.openstreetmap.org.uk/events.ics
-  RedirectPermanent / http://www.openstreetmap.org/
+  RedirectPermanent / https://www.openstreetmap.org/
 </VirtualHost>
 
 <VirtualHost *:80>
   ServerName openstreetmap.org
   ServerAlias *
 
-  RedirectPermanent / http://www.openstreetmap.org/
+  RewriteEngine on
+
+  RewriteCond %{REQUEST_URI} !^/server-status$
+  RewriteRule ^(.*)$ https://www.openstreetmap.org$1 [L,NE,R=permanent]
 </VirtualHost>
 
 <VirtualHost *:443>