Page MenuHomePhabricator
Create Task
Maniphest T132459

HTTPS redirects for config-master.wikimedia.org
Closed, ResolvedPublic
Actions

Description

Enabling this is trivial, the question is: is there any reason we *can't* enable this? Who's responsible for this service and might know of exceptions like mixed-content, or HTTPS-incapable tools which rely on it, etc? [note this a generic message being tacked into the description of several similar tickets]

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved emaT108827 Investigate TCP Fast Open for tlsproxy
 DeclinedNoneT107236 Switch port 80 to nginx on primary clusters
 ResolvedBBlackT104681 HTTPS Plans (tracking / high-level info)
 ResolvedBBlackT102824 Clean up DNS/redirects for TLS
 ResolvedArielGlennT107575 download.wiki[mp]edia.org are using an invalid certificate
 ResolvedChmarkineT110511 sitemap.wikimedia.org uses invalid SSL certificate
 ResolvedBBlackT104244 Preload HSTS
 ResolvedBBlackT102814 Decom old multiple-subdomain wikis in wikipedia.org
 ResolvedBBlackT104942 TLS and *.wap/*.mobile multi-level subdomains of wikipedia.org
 ResolvedBBlackT102815 Decom www.$lang hostnames/redirects
 ResolvedBBlackT102826 Fix/decom multiple-subdomain wikis in wikimedia.org
 ResolvedBBlackT102827 Decide what to do with *.donate.wikimedia.org subdomain + TLS
 Resolved CCogdill_WMFT130414 delete links.email.donate.wikimedia.org (and all other email.donate.*?) from DNS
 DeclinedBBlackT111967 Preload HSTS for select hostnames within wikimedia.org
 DuplicateBBlackT111998 investigate/remove hostname login.m.wikimedia.org
 ResolvedBBlackT40516 Enable HSTS on Wikimedia sites
 ResolvedBBlackT103919 let all services on misc-web enforce http->https redirects
 ResolvedBBlackT132459 HTTPS redirects for config-master.wikimedia.org
 ResolvedBBlackT132452 HSTS preload for wmfusercontent.org
 ResolvedBBlackT132685 Preload STS for wikimedia.org
 ResolvedBBlackT34796 status.wikimedia.org has no (valid) HTTPS
 ResolvedBBlackT132450 enable https for (ubuntu|apt|mirrors).wikimedia.org
 ResolvedBBlackT132812 Sort out letsencrypt puppetization for simple public hosts

Event Timeline

BBlack created this task.Apr 12 2016, 3:41 PM
Dzahn added a project: PyBal.Apr 12 2016, 6:02 PM
Dzahn added a subscriber: Joe.
gerritbot subscribed.Apr 12 2016, 10:02 PM

Change 283089 had a related patch set uploaded (by BBlack):
Use https://config-master.wm.o for rolematcher T132459

https://gerrit.wikimedia.org/r/283089

gerritbot added a project: Patch-For-Review.Apr 12 2016, 10:02 PM
gerritbot added a comment.Apr 13 2016, 2:33 PM

Change 283089 merged by BBlack:
Use https://config-master.wm.o for rolematcher T132459

https://gerrit.wikimedia.org/r/283089

BBlack added a comment.Apr 13 2016, 2:37 PM

Re: rolematcher - the only real host I could trace it to in puppetization was fluorine. However, post-merge the update did not get applied there, so I think through some indirection I didn't look at closely enough, it's not really being actively deployed anywhere. I was under the impression udp2log was dead/dying anyways, so that's probably why!

gerritbot added a comment.Apr 13 2016, 2:39 PM

Change 283190 had a related patch set uploaded (by BBlack):
config-master.wm.o HTTPS redirect T132459

https://gerrit.wikimedia.org/r/283190

gerritbot added a comment.Apr 13 2016, 2:41 PM

Change 283190 merged by BBlack:
config-master.wm.o HTTPS redirect T132459

https://gerrit.wikimedia.org/r/283190

BBlack closed this task as Resolved.Apr 13 2016, 2:42 PM
BBlack claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL