Page MenuHomePhabricator
Create Task
Maniphest T131367

Proxy corner case: proxy name foo.wmflabs.org == domain name foo.wmflabs.org
Closed, ResolvedPublic
Actions

Description

The example of this I'm looking at right now is 'tiles.wmflabs.org'. I've set up a by-hand entry right now, but perhaps the proxy panel should handle it.

Ordinarily a record like 'foo.wmflabs.org' would be on the domain 'wmflabs.org'. In the case of tiles.wmflabs.org, though, the domain 'tiles.wmflabs.org' also exists. In that case, apparently the record 'tiles.wmflabs.org' needs to belong to the subdomain 'tiles.wmflabs.org' -- if it belongs to wmflabs.org it doesn't resolve.

So, I guess this is yet another special case that the proxy panel needs to handle :(

Details

SubjectRepoBranchLines +/-
Handle proxy domain existing as an actual zone in the current projectopenstack/horizon/wmf-proxy-dashboardocata+18 -18
Update wmf-proxy-dashboardopenstack/horizon/deployocata+1 -1
Handle proxy domain existing as an actual zone in the current projectopenstack/horizon/wmf-proxy-dashboardmaster+18 -18
Customize query in gerrit

Related Objects

Event Timeline

Andrew created this task.Mar 31 2016, 4:07 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 31 2016, 4:07 PM
Andrew added a comment.Mar 31 2016, 4:08 PM

For the record, I'm not sure that fixing this is a better solution than just saying "Don't do that then"

Krenair mentioned this in T131448: librarybase project cannot create a proxy for librarybase.wmflabs.org.Apr 1 2016, 12:07 PM
bd808 subscribed.Apr 1 2016, 1:43 PM
In T131367#2165108, @Andrew wrote:

For the record, I'm not sure that fixing this is a better solution than just saying "Don't do that then"

Would this mean that we can no longer have https protection for Horizon proxied services? It looks like the CN on our cert is only *.wmflabs.org

Andrew added a comment.Apr 1 2016, 1:56 PM

Would this mean that we can no longer have https protection for Horizon proxied services?

I was thinking more in terms of the opposite case: 'If you want a proxy at projectname.wmflabs.org, then you can't also have things in a subdomain like foo.projectname.wmflabs.org"

Andrew added a comment.Apr 1 2016, 2:52 PM

I've just verified that there are no longer any current proxies bitten by this issue. It's still a UI issue though.

chasemp triaged this task as Medium priority.Apr 4 2016, 1:51 PM
Andrew added a comment.Apr 6 2016, 7:18 PM

well, I was wrong about the 'no longer any current proxies bitten' thing -- wma.wmflabs.org is one. So my audit was wrong somehow.

JJMC89 merged a task: T131970: Wma.wmflabs.org is down.Apr 6 2016, 7:26 PM
JJMC89 added a subscriber: Ktr101.
Ktr101 added a comment.Apr 6 2016, 7:29 PM

Andrew has overridden the issue, for now: https://en.wikipedia.org/w/index.php?title=Wikipedia:Village_pump_%28technical%29&diff=713953259&oldid=713951626

AlexMonk-WMF added a comment.Jul 26 2016, 12:10 AM
In T131367#2168775, @bd808 wrote:
In T131367#2165108, @Andrew wrote:

For the record, I'm not sure that fixing this is a better solution than just saying "Don't do that then"

Would this mean that we can no longer have https protection for Horizon proxied services? It looks like the CN on our cert is only *.wmflabs.org

If we really wanted to support *.*.wmflabs.org domains I imagine we could have some setup involving Let's Encrypt to deal with that.
*.wmflabs.org domains are fine.

AlexMonk-WMF mentioned this in T104521: Support reverse dns for public labs IPs.Aug 3 2016, 9:22 PM
Krenair mentioned this in T206487: Request creation of eventmetrics VPS project.Nov 2 2018, 3:50 AM
gerritbot subscribed.Nov 2 2018, 4:06 AM

Change 471203 had a related patch set uploaded (by Alex Monk; owner: Alex Monk):
[openstack/horizon/wmf-proxy-dashboard@master] Handle proxy domain existing as an actual zone in the current project

https://gerrit.wikimedia.org/r/471203

gerritbot edited projects, added Patch-For-Review; removed Cloud-Services.Nov 2 2018, 4:06 AM
Andrew merged a task: T208600: Allow VPS projects to have a domain with the same name.Nov 2 2018, 3:49 PM
Andrew added subscribers: MusikAnimal, Krenair.
gerritbot added a comment.Dec 13 2018, 11:07 PM

Change 471203 merged by Andrew Bogott:
[openstack/horizon/wmf-proxy-dashboard@master] Handle proxy domain existing as an actual zone in the current project

https://gerrit.wikimedia.org/r/471203

gerritbot added a comment.Dec 13 2018, 11:09 PM

Change 479565 had a related patch set uploaded (by Andrew Bogott; owner: Alex Monk):
[openstack/horizon/wmf-proxy-dashboard@ocata] Handle proxy domain existing as an actual zone in the current project

https://gerrit.wikimedia.org/r/479565

gerritbot added a comment.Dec 13 2018, 11:11 PM

Change 479565 merged by Andrew Bogott:
[openstack/horizon/wmf-proxy-dashboard@ocata] Handle proxy domain existing as an actual zone in the current project

https://gerrit.wikimedia.org/r/479565

gerritbot added a comment.Dec 13 2018, 11:11 PM

Change 479566 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[openstack/horizon/deploy@ocata] Update wmf-proxy-dashboard

https://gerrit.wikimedia.org/r/479566

gerritbot added a comment.Dec 13 2018, 11:12 PM

Change 479566 merged by Andrew Bogott:
[openstack/horizon/deploy@ocata] Update wmf-proxy-dashboard

https://gerrit.wikimedia.org/r/479566

Stashbot subscribed.Dec 13 2018, 11:13 PM

Mentioned in SAL (#wikimedia-operations) [2018-12-13T23:13:51Z] <andrew@deploy1001> Started deploy [horizon/deploy@18c4ca6]: Rolling out fix for T131367

Stashbot added a comment.Dec 13 2018, 11:17 PM

Mentioned in SAL (#wikimedia-operations) [2018-12-13T23:17:16Z] <andrew@deploy1001> Finished deploy [horizon/deploy@18c4ca6]: Rolling out fix for T131367 (duration: 03m 25s)

Andrew closed this task as Resolved.Dec 13 2018, 11:21 PM
Andrew claimed this task.

I've deployed @Krenair 's fix for this and it looks good.

Krenair claimed this task.Dec 13 2018, 11:31 PM
Krenair removed a subtask: T212570: Follow up T131367: Clean up existing cases of proxies matching project names.Dec 22 2018, 9:54 PM
MusikAnimal mentioned this in T291886: WikiWho tool is down on English Wikipedia.Sep 27 2021, 10:04 PM
Maintenance_bot removed a project: Patch-For-Review.Sep 27 2021, 10:11 PM
Restricted Application added a project: cloud-services-team (Kanban). · View Herald TranscriptSep 27 2021, 10:11 PM
MusikAnimal mentioned this in T295818: Request increased quota for wikiwho Cloud VPS project.Nov 16 2021, 8:28 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL