Page MenuHomePhabricator

irc.wikimedia.org talks HTTP but not HTTPS
Closed, ResolvedPublic

Description

Apache is not even configured on port 443. I doubt we want to get an extra SSL cert for a simple redirect domain, but I'm not sure what the rules are for putting the *.wikimedia.org cert on more boxes

Event Timeline

Krenair created this task.Mar 26 2016, 4:17 AM
Restricted Application added a project: Traffic. · View Herald TranscriptMar 26 2016, 4:17 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Dzahn added a subscriber: Dzahn.Mar 29 2016, 10:45 PM

That redirect only exists because it used to be an "It works!" Apache site in the past and i thought it was ugly so redirected it to that meta page a long time ago. So it's really just a courtesy thing to get people to docs who try irc.wikimedia.org in their browser.

No, we don't want to put the cert on more boxes. Instead we could ask why there is an Apache on this in the first place and remove it entirely

Change 280342 had a related patch set uploaded (by Dzahn):
irc.wikimedia.org - remove Apache

https://gerrit.wikimedia.org/r/280342

Dzahn added a comment.Mar 30 2016, 8:41 PM

@Krenair what do you think about removing the Apache from that entirely, also HTTP?

Krinkle added a comment.EditedMar 30 2016, 8:49 PM

Sounds fine. I think it'd be nice if we can find a way to serve the redirect from misc-web-lb, but that's probably not feasible.

Having an HTTP response on the hostname is quite important for discoverability. However I think it's fine to leave out for this particular service for now given it's already well-established and in the process of soon being deprecated.

We still need to figure out a solution for this kind of problem for other services, however.

The only way I can think of to get out of having to put a certificate on the box would be to forward traffic on ports 80 and 443 to misc-web-lb, but then varnish wouldn't get the end user IP etc.

Dzahn claimed this task.Mar 30 2016, 10:27 PM

Change 280342 merged by Dzahn:
irc.wikimedia.org - remove Apache

https://gerrit.wikimedia.org/r/280342

done. removed Apache and config from argon. removed puppet role, class, template...

Dzahn closed this task as Resolved.Mar 31 2016, 12:52 AM
Dzahn removed a project: Patch-For-Review.