Page MenuHomePhabricator
Create Task
Maniphest T133548

Create a secure redirect service for large count of non-canonical / junk domains
Closed, ResolvedPublic
Actions

Description

Given recent progress on production puppetization of LetsEncrypt.org (LE), and LE itself improving in general in recent months (moved from beta to production status, has proved itself a bit, ratelimits are reasonable, etc), I think we can now really contemplate the idea of doing a secure redirector service to cover large counts of junk domains. We talked this out a bit on IRC, and AFAICS there's now no real technical blockers to making this happen; we'll probably be able to handle hundreds of one-off domainnames for this through LE mechanisms.

One noteable tradeoff is it will have to be an SNI-dependent service for the bulk of the names. That means many of these secure redirects will not work for certain older browsers (notably IE[78]-on-XP, Android 2.x, and some very old feature phones like Symbian and Blackberry). Given the alternative is to dead-park (no browser functionality or at least no true redirect) the bulk of these domains, the SNI limitation is probably acceptable, and we can certainly arrange the certificate sets such that the highest-value ones are on the default SNI server for greater compatibility than the rest.

What it basically boils down to now is:

  • Decide on a reasonable SAN list length limit per cert: 100
  • Prioritize which "junk" domains should be in the primary (works for non-SNI) SAN list
  • Puppetize a service role built around modules/nginx + acme-chief that can redirect a configured large set of domainnames securely.
  • Assign a new public IP for this in eqiad + codfw LVS ranges.
  • Deploy this service in eqiad + codfw (possibly on virtual hosts as the load should be fairly light). Probably manual gdnsd inter-DC failover at least initially until we sort out x-dc LE-cert issues.

Details

SubjectRepoBranchLines +/-
Point wikimedia.community to the non canonical redirect serviceoperations/dnsmaster+1 -45
VCL: Remove host regex from TLS redirectoperations/puppetproduction+3 -8
redirects.dat: Enforce HTTPS for canonical domainsoperations/puppetproduction+102 -102
redirects.dat: Get rid of non canonical domains rulesoperations/puppetproduction+2 -156
Point wikimania.org to the non canonical redirect serviceoperations/dnsmaster+1 -0
Feed more parked domains to the non canonical redirect serviceoperations/dnsmaster+11 -11
ncredir: Add redirection rules for domains added in non-canonical-cert-6operations/puppetproduction+28 -5
ncredir: Add non-canonical-redirect-6operations/puppetproduction+50 -1
Redirect mediawiki.com to the non canonical redirect serviceoperations/dnsmaster+1 -1
Redirect wikimania.com to the non canonical redirect serviceoperations/dnsmaster+1 -1
Update wikipedia non canonical domainsoperations/dnsmaster+2 -2
Update wikimediafoundation non canonical domainsoperations/dnsmaster+4 -4
Update wikibooks non canonical domainsoperations/dnsmaster+3 -3
Update wikinews non canonical domainsoperations/dnsmaster+3 -3
Update wikiquote non canonical domainsoperations/dnsmaster+4 -4
Update wikiversity non canonical domainsoperations/dnsmaster+2 -2
Update wikivoyage non canonical domainsoperations/dnsmaster+7 -7
Update wiktionary non canonical domainsoperations/dnsmaster+3 -3
Update wikisource non canonical domainsoperations/dnsmaster+3 -4
ncredir: Handle more domains to the non canonical redirect serviceoperations/dnsmaster+17 -17
nc_redirects.dat: Add rules to support non-canonical-redirect-5operations/puppetproduction+32 -0
ncredir: Introduce non-canonical-redirect-5operations/puppetproduction+50 -0
ncredir: Let ncredir take over wikimedia.com and linked DNS zonesoperations/dnsmaster+12 -11
Let ncredir take care of voyagewiki.com and voyagewiki.orgoperations/dnsmaster+2 -2
nc_redirects.dat: Re-enable voyagewiki.(org|com) rulesoperations/puppetproduction+4 -4
Let ncredir take care of wikimediacommons non canonical domainsoperations/dnsmaster+6 -6
nc_redirects.dat: Re-enable wikimediacommons rulesoperations/puppetproduction+6 -6
redirects.dat - split non-canonical to separate sectionoperations/puppetproduction+380 -326
ncredir hostname and service IPoperations/dnsmaster+5 -0
Point several wikipedia non-canonical domains to ncredir-parkingoperations/dnsmaster+4 -4
nc_redirects.dat: Reenable rules for non-canonical wikipedia.org domainsoperations/puppetproduction+5 -5
Redirect already configured wikipedia non canonical domains to ncrediroperations/dnsmaster+14 -14
Add domain root addrs for ncrediroperations/dnsmaster+2 -0
ncredir: Fix notes_urloperations/puppetproduction+1 -1
lvs: Enable paging for ncredir checksoperations/puppetproduction+1 -1
ncredir: Set notes_url for https_ncrediroperations/puppetproduction+1 -1
lvs: Fix icinga checks for ncredir and ncredir-httpsoperations/puppetproduction+5 -14
lvs: Fix typo on icinga check command definition for ncrediroperations/puppetproduction+2 -2
cumin: Add ncredir aliasesoperations/puppetproduction+3 -0
ncredir: Enable monitoringoperations/puppetproduction+1 -0
Switch wikipedia.com to the ncredir-parking DNS zonefileoperations/dnsmaster+1 -1
lvs: Add ncredir service to high-traffic1operations/puppetproduction+78 -0
Add a ncredir-parking zoneoperations/dnsmaster+79 -0
Split langlist helper in twooperations/dnsmaster+16 -15
Add ncredir-lb recordsoperations/dnsmaster+20 -0
site: Set ncredir role for ncredir[12]002 instancesoperations/puppetproduction+2 -2
hieradata: Grant access to ncredir[12]002 to non-canonical-redirect certsoperations/puppetproduction+12 -12
install_server: Handle installation of ncredir[12]002operations/puppetproduction+11 -1
ncredir: Provide /_status endpoint even when a redirection rule matchesoperations/puppetproduction+14 -16
Add DNS entries for ncredir[12]002operations/dnsmaster+9 -1
ncredir: Move last resource return to a location blockoperations/puppetproduction+12 -6
ncredir: Provide a /_status endpoint for LVS monitoring purposesoperations/puppetproduction+10 -0
ncredir: Use a custom access_log log_formatoperations/puppetproduction+12 -1
ncredir: Notify nginx when redirection_maps.conf is changedoperations/puppetproduction+1 -0
site: Add ncredir[12]001 instances definitionoperations/puppetproduction+11 -0
install_server: Add disk layout for ncredir[12]001 instancesoperations/puppetproduction+1 -0
hieradata: Grant ncredir instances access to the ncredir certificatesoperations/puppetproduction+8 -4
ncredir: Provide initial puppetizationoperations/puppetproduction+386 -0
acme_chief: Introduce the concept of shared certificatesoperations/puppetproduction+177 -165
install_server: Add DHCP entries for ncredir[12]001operations/puppetproduction+10 -0
Add ncredir[12]001 DNS entriesoperations/dnsmaster+8 -0
redirects.dat: Ban using <domain>.*.<domain>operations/puppetproduction+0 -7
acme_chief: Enable SNI prevalidation for non-canonical certificatesoperations/puppetproduction+15 -0
POC: Secure redirect serviceoperations/puppetproduction+127 -0
Show related patches Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved emaT108827 Investigate TCP Fast Open for tlsproxy
 DeclinedNoneT107236 Switch port 80 to nginx on primary clusters
 OpenNoneT101048 Policy decisions for new (and current) DNS domains registered to the WMF
 ResolvedBBlackT104681 HTTPS Plans (tracking / high-level info)
 ResolvedVgutierrezT214253 en.wikipedia.com [sic] serves an invalid certificate
 ResolvedVgutierrezT190244 en-wp.org certificate error
 ResolvedVgutierrezT133548 Create a secure redirect service for large count of non-canonical / junk domains
 ResolvedBBlackT132812 Sort out letsencrypt puppetization for simple public hosts
 ResolvedNoneT134447 letsencrypt puppetization: upgrade for scalability
 ResolvedNoneT141266 letsencrypt puppetization: add parallel rsa+ecdsa cert support
 DuplicateNoneT152622 Wikipedia.cz and other domains owned by WMCZ have invalid certificate
 ResolvedKrenairT194962 Create and deploy a centralized letsencrypt service
 ResolvedBBlackT194965 gdnsd plugin support for ACME DNS challenges
 ResolvedMarcoAurelioT198541 Set up CI for new repo operations/software/certcentral.git
 ResolvedKrenairT153577 Make standalone puppetmasters optionally use PuppetDB
 ResolvedscfcT154104 role::puppetmaster::puppetdb depends on Ganglia and cannot be used in Labs
 ResolvedVgutierrezT207476 Create production LE accounts
 ResolvedVgutierrezT220518 acme-chief: Validate that configured certificates can be actually issued
 ResolvedVgutierrezT224539 Provide nginx support in compile_redirects()
 OpenVgutierrezT225096 Provide acme-chief/TLS SNI list support in compile_redirects()
 ResolvedVgutierrezT228382 Provide prometheus metrics for the ncredir service

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
gerritbot added a comment.Jul 11 2019, 10:35 AM

Change 522055 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] lvs: Add ncredir service to high-traffic1

https://gerrit.wikimedia.org/r/522055

gerritbot added a comment.Jul 11 2019, 2:49 PM

Change 521414 merged by Vgutierrez:
[operations/dns@master] Add ncredir-lb records

https://gerrit.wikimedia.org/r/521414

Vgutierrez updated the task description. (Show Details)Jul 11 2019, 2:55 PM
gerritbot added a comment.Jul 15 2019, 9:11 AM

Change 523106 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Split langlist helper in two

https://gerrit.wikimedia.org/r/523106

gerritbot added a comment.Jul 15 2019, 9:33 AM

Change 523114 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Add a ncredir-parking zone

https://gerrit.wikimedia.org/r/523114

gerritbot added a comment.Jul 15 2019, 9:33 AM

Change 523115 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Switch wikipedia.com to the ncredir-parking DNS zonefile

https://gerrit.wikimedia.org/r/523115

gerritbot added a comment.Jul 16 2019, 7:41 AM

Change 523106 merged by Vgutierrez:
[operations/dns@master] Split langlist helper in two

https://gerrit.wikimedia.org/r/523106

gerritbot added a comment.Jul 16 2019, 7:44 AM

Change 523114 merged by Vgutierrez:
[operations/dns@master] Add a ncredir-parking zone

https://gerrit.wikimedia.org/r/523114

gerritbot added a comment.Jul 16 2019, 10:01 AM

Change 522055 merged by Vgutierrez:
[operations/puppet@production] lvs: Add ncredir service to high-traffic1

https://gerrit.wikimedia.org/r/522055

gerritbot added a comment.Jul 16 2019, 10:22 AM

Change 523115 merged by Vgutierrez:
[operations/dns@master] Switch wikipedia.com to the ncredir-parking DNS zonefile

https://gerrit.wikimedia.org/r/523115

gerritbot added a comment.Jul 16 2019, 10:47 AM

Change 523676 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ncredir: Enable monitoring

https://gerrit.wikimedia.org/r/523676

gerritbot added a comment.Jul 16 2019, 10:52 AM

Change 523676 merged by Vgutierrez:
[operations/puppet@production] ncredir: Enable monitoring

https://gerrit.wikimedia.org/r/523676

gerritbot added a comment.Jul 16 2019, 10:57 AM

Change 523680 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] cumin: Add ncredir aliases

https://gerrit.wikimedia.org/r/523680

gerritbot added a comment.Jul 16 2019, 11:00 AM

Change 523680 merged by Vgutierrez:
[operations/puppet@production] cumin: Add ncredir aliases

https://gerrit.wikimedia.org/r/523680

gerritbot added a comment.Jul 16 2019, 11:07 AM

Change 523682 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] lvs: Fix typo on icinga check command definition for ncredir

https://gerrit.wikimedia.org/r/523682

gerritbot added a comment.Jul 16 2019, 11:17 AM

Change 523682 merged by Vgutierrez:
[operations/puppet@production] lvs: Fix typo on icinga check command definition for ncredir

https://gerrit.wikimedia.org/r/523682

gerritbot added a comment.Jul 16 2019, 12:22 PM

Change 523700 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] lvs: Fix icinga checks for ncredir and ncredir-https

https://gerrit.wikimedia.org/r/523700

gerritbot added a comment.Jul 16 2019, 1:10 PM

Change 523700 merged by Vgutierrez:
[operations/puppet@production] lvs: Fix icinga checks for ncredir and ncredir-https

https://gerrit.wikimedia.org/r/523700

Vgutierrez updated the task description. (Show Details)Jul 16 2019, 1:33 PM
Vgutierrez added a comment.Jul 16 2019, 1:36 PM

ncredir service has been deployed successfully and it's currently serving live traffic for wikipedia.com:

$ curl -v https://en.wikipedia.com/wiki/Special:Random -o /dev/null 2>&1 |fgrep -i location:
< location: https://en.wikipedia.org/wiki/Special:Random
$ curl -v http://en.wikipedia.com/wiki/Special:Random -o /dev/null 2>&1 |fgrep -i location:
< Location: https://en.wikipedia.org/wiki/Special:Random
gerritbot added a comment.Jul 17 2019, 8:47 AM

Change 523877 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ncredir: Set notes_url for https_ncredir

https://gerrit.wikimedia.org/r/523877

gerritbot added a comment.Jul 17 2019, 8:47 AM

Change 523878 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] lvs: Enable paging for ncredir checks

https://gerrit.wikimedia.org/r/523878

gerritbot added a comment.Jul 17 2019, 9:18 AM

Change 523877 merged by Vgutierrez:
[operations/puppet@production] ncredir: Set notes_url for https_ncredir

https://gerrit.wikimedia.org/r/523877

gerritbot added a comment.Jul 17 2019, 9:23 AM

Change 523878 merged by Vgutierrez:
[operations/puppet@production] lvs: Enable paging for ncredir checks

https://gerrit.wikimedia.org/r/523878

gerritbot added a comment.Jul 17 2019, 9:53 AM

Change 523888 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ncredir: Fix notes_url

https://gerrit.wikimedia.org/r/523888

gerritbot added a comment.Jul 17 2019, 9:55 AM

Change 523888 merged by Vgutierrez:
[operations/puppet@production] ncredir: Fix notes_url

https://gerrit.wikimedia.org/r/523888

gerritbot added a comment.Jul 17 2019, 11:05 AM

Change 523902 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Redirect already configured wikipedia non canonical domains to ncredir

https://gerrit.wikimedia.org/r/523902

gerritbot added a comment.Jul 17 2019, 1:28 PM

Change 523924 had a related patch set uploaded (by BBlack; owner: BBlack):
[operations/dns@master] Add domain root addrs for ncredir

https://gerrit.wikimedia.org/r/523924

gerritbot added a comment.Jul 17 2019, 4:42 PM

Change 523924 merged by Vgutierrez:
[operations/dns@master] Add domain root addrs for ncredir

https://gerrit.wikimedia.org/r/523924

gerritbot added a comment.Jul 17 2019, 4:44 PM

Change 523902 merged by Vgutierrez:
[operations/dns@master] Redirect already configured wikipedia non canonical domains to ncredir

https://gerrit.wikimedia.org/r/523902

gerritbot added a comment.Jul 18 2019, 6:16 AM

Change 524092 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] nc_redirects.dat: Reenable rules for non-canonical wikipedia.org domains

https://gerrit.wikimedia.org/r/524092

gerritbot added a comment.Jul 18 2019, 6:22 AM

Change 524093 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Point several wikipedia non-canonical domains to ncredir-parking

https://gerrit.wikimedia.org/r/524093

gerritbot added a comment.Jul 18 2019, 6:28 AM

Change 524092 merged by Vgutierrez:
[operations/puppet@production] nc_redirects.dat: Reenable rules for non-canonical wikipedia.org domains

https://gerrit.wikimedia.org/r/524092

gerritbot added a comment.Jul 18 2019, 6:34 AM

Change 524093 merged by Vgutierrez:
[operations/dns@master] Point several wikipedia non-canonical domains to ncredir-parking

https://gerrit.wikimedia.org/r/524093

gerritbot added a comment.Aug 1 2019, 5:10 PM

Change 295249 abandoned by BBlack:
ncredir hostname and service IP

Reason:
Better things were done in the interim!

https://gerrit.wikimedia.org/r/295249

gerritbot added a comment.Aug 1 2019, 5:10 PM

Change 292785 abandoned by BBlack:
redirects.dat - split non-canonical to separate section

Reason:
Better stuff done recently!

https://gerrit.wikimedia.org/r/292785

Vgutierrez closed subtask T228382: Provide prometheus metrics for the ncredir service as Resolved.Aug 6 2019, 5:38 AM
gerritbot added a comment.Aug 6 2019, 6:12 AM

Change 528316 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] ncredir: Let ncredir take over wikimedia.com and linked DNS zones

https://gerrit.wikimedia.org/r/528316

gerritbot added a comment.Aug 6 2019, 6:57 AM

Change 528320 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Let ncredir take care of wikimediacommons non canonical domains

https://gerrit.wikimedia.org/r/528320

gerritbot added a comment.Aug 6 2019, 6:58 AM

Change 528321 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] nc_redirects.dat: Re-enable wikimediacommons rules

https://gerrit.wikimedia.org/r/528321

gerritbot added a comment.Aug 6 2019, 7:02 AM

Change 528321 merged by Vgutierrez:
[operations/puppet@production] nc_redirects.dat: Re-enable wikimediacommons rules

https://gerrit.wikimedia.org/r/528321

gerritbot added a comment.Aug 6 2019, 7:05 AM

Change 528320 merged by Vgutierrez:
[operations/dns@master] Let ncredir take care of wikimediacommons non canonical domains

https://gerrit.wikimedia.org/r/528320

gerritbot added a comment.Aug 6 2019, 7:11 AM

Change 528345 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] nc_redirects.dat: Re-enable voyagewiki.(org|com) rules

https://gerrit.wikimedia.org/r/528345

gerritbot added a comment.Aug 6 2019, 7:12 AM

Change 528368 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Let ncredir take care of voyagewiki.com and voyagewiki.org

https://gerrit.wikimedia.org/r/528368

gerritbot added a comment.Aug 6 2019, 7:15 AM

Change 528345 merged by Vgutierrez:
[operations/puppet@production] nc_redirects.dat: Re-enable voyagewiki.(org|com) rules

https://gerrit.wikimedia.org/r/528345

gerritbot added a comment.Aug 6 2019, 7:19 AM

Change 528368 merged by Vgutierrez:
[operations/dns@master] Let ncredir take care of voyagewiki.com and voyagewiki.org

https://gerrit.wikimedia.org/r/528368

gerritbot added a comment.Aug 6 2019, 8:26 AM

Change 528394 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] ncredir: Handle more domains to the non canonical redirect service

https://gerrit.wikimedia.org/r/528394

gerritbot added a comment.Aug 6 2019, 8:31 AM

Change 528397 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ncredir: Introduce non-canonical-redirect-5

https://gerrit.wikimedia.org/r/528397

gerritbot added a comment.Aug 6 2019, 8:31 AM

Change 528398 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] nc_redirects.dat: Add rules to support non-canonical-redirect-5

https://gerrit.wikimedia.org/r/528398

gerritbot added a comment.Aug 6 2019, 8:43 AM

Change 528316 merged by Vgutierrez:
[operations/dns@master] ncredir: Let ncredir take over wikimedia.com and linked DNS zones

https://gerrit.wikimedia.org/r/528316

gerritbot added a comment.Aug 6 2019, 9:20 AM

Change 528397 merged by Vgutierrez:
[operations/puppet@production] ncredir: Introduce non-canonical-redirect-5

https://gerrit.wikimedia.org/r/528397

gerritbot added a comment.Aug 6 2019, 9:26 AM

Change 528398 merged by Vgutierrez:
[operations/puppet@production] nc_redirects.dat: Add rules to support non-canonical-redirect-5

https://gerrit.wikimedia.org/r/528398

gerritbot added a comment.Aug 6 2019, 9:36 AM

Change 528394 merged by Vgutierrez:
[operations/dns@master] ncredir: Handle more domains to the non canonical redirect service

https://gerrit.wikimedia.org/r/528394

gerritbot added a comment.Aug 28 2019, 7:47 AM

Change 532870 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Update wikisource non canonical domains

https://gerrit.wikimedia.org/r/532870

gerritbot added a comment.Aug 28 2019, 7:47 AM

Change 532871 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Update wiktionary non canonical domains

https://gerrit.wikimedia.org/r/532871

gerritbot added a comment.Aug 28 2019, 7:47 AM

Change 532872 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Update wikivoyage non canonical domains

https://gerrit.wikimedia.org/r/532872

gerritbot added a comment.Aug 28 2019, 7:47 AM

Change 532873 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Update wikiversity non canonical domains

https://gerrit.wikimedia.org/r/532873

gerritbot added a comment.Aug 28 2019, 7:47 AM

Change 532874 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Update wikiquote non canonical domains

https://gerrit.wikimedia.org/r/532874

gerritbot added a comment.Aug 28 2019, 7:47 AM

Change 532875 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Update wikinews non canonical domains

https://gerrit.wikimedia.org/r/532875

gerritbot added a comment.Aug 28 2019, 7:47 AM

Change 532876 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Update wikibooks non canonical domains

https://gerrit.wikimedia.org/r/532876

gerritbot added a comment.Aug 28 2019, 8:08 AM

Change 532879 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Update wikimediafoundation non canonical domains

https://gerrit.wikimedia.org/r/532879

gerritbot added a comment.Aug 28 2019, 8:18 AM

Change 532880 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Update wikipedia non canonical domains

https://gerrit.wikimedia.org/r/532880

gerritbot added a comment.Aug 28 2019, 8:27 AM

Change 532881 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Redirect wikimania.com to the non canonical redirect service

https://gerrit.wikimedia.org/r/532881

gerritbot added a comment.Aug 28 2019, 8:27 AM

Change 532882 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Redirect mediawiki.com to the non canonical redirect service

https://gerrit.wikimedia.org/r/532882

gerritbot added a comment.Aug 28 2019, 8:38 AM

Change 532870 merged by Vgutierrez:
[operations/dns@master] Update wikisource non canonical domains

https://gerrit.wikimedia.org/r/532870

gerritbot added a comment.Aug 28 2019, 8:40 AM

Change 532871 merged by Vgutierrez:
[operations/dns@master] Update wiktionary non canonical domains

https://gerrit.wikimedia.org/r/532871

gerritbot added a comment.Aug 28 2019, 8:41 AM

Change 532872 merged by Vgutierrez:
[operations/dns@master] Update wikivoyage non canonical domains

https://gerrit.wikimedia.org/r/532872

gerritbot added a comment.Aug 28 2019, 9:08 AM

Change 532949 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Feed more parked domains to the non canonical redirect service

https://gerrit.wikimedia.org/r/532949

gerritbot added a comment.Aug 28 2019, 9:09 AM

Change 532950 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ncredir: Add non-canonical-redirect-6

https://gerrit.wikimedia.org/r/532950

gerritbot added a comment.Aug 28 2019, 9:09 AM

Change 532951 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ncredir: Add redirection rules for domains added in non-canonical-cert-6

https://gerrit.wikimedia.org/r/532951

gerritbot added a comment.Aug 28 2019, 9:10 AM

Change 532873 merged by Vgutierrez:
[operations/dns@master] Update wikiversity non canonical domains

https://gerrit.wikimedia.org/r/532873

gerritbot added a comment.Aug 28 2019, 9:12 AM

Change 532874 merged by Vgutierrez:
[operations/dns@master] Update wikiquote non canonical domains

https://gerrit.wikimedia.org/r/532874

gerritbot added a comment.Aug 28 2019, 9:14 AM

Change 532875 merged by Vgutierrez:
[operations/dns@master] Update wikinews non canonical domains

https://gerrit.wikimedia.org/r/532875

gerritbot added a comment.Aug 28 2019, 9:15 AM

Change 532876 merged by Vgutierrez:
[operations/dns@master] Update wikibooks non canonical domains

https://gerrit.wikimedia.org/r/532876

gerritbot added a comment.Aug 28 2019, 9:16 AM

Change 532879 merged by Vgutierrez:
[operations/dns@master] Update wikimediafoundation non canonical domains

https://gerrit.wikimedia.org/r/532879

gerritbot added a comment.Aug 28 2019, 9:23 AM

Change 532880 merged by Vgutierrez:
[operations/dns@master] Update wikipedia non canonical domains

https://gerrit.wikimedia.org/r/532880

gerritbot added a comment.Aug 28 2019, 9:25 AM

Change 532881 merged by Vgutierrez:
[operations/dns@master] Redirect wikimania.com to the non canonical redirect service

https://gerrit.wikimedia.org/r/532881

gerritbot added a comment.Aug 28 2019, 9:25 AM

Change 532882 merged by Vgutierrez:
[operations/dns@master] Redirect mediawiki.com to the non canonical redirect service

https://gerrit.wikimedia.org/r/532882

gerritbot added a comment.Aug 28 2019, 9:29 AM

Change 532950 merged by Vgutierrez:
[operations/puppet@production] ncredir: Add non-canonical-redirect-6

https://gerrit.wikimedia.org/r/532950

gerritbot added a comment.Aug 28 2019, 9:36 AM

Change 532951 merged by Vgutierrez:
[operations/puppet@production] ncredir: Add redirection rules for domains added in non-canonical-cert-6

https://gerrit.wikimedia.org/r/532951

gerritbot added a comment.Aug 28 2019, 10:20 AM

Change 532949 merged by Vgutierrez:
[operations/dns@master] Feed more parked domains to the non canonical redirect service

https://gerrit.wikimedia.org/r/532949

gerritbot added a comment.Aug 29 2019, 5:19 AM

Change 533141 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] redirects.dat: Get rid of non canonical domains rules

https://gerrit.wikimedia.org/r/533141

gerritbot added a comment.Aug 29 2019, 5:19 AM

Change 533142 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] redirects.dat: Enforce HTTPS for canonnical domains

https://gerrit.wikimedia.org/r/533142

gerritbot added a comment.Aug 29 2019, 1:52 PM

Change 533213 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Point wikimania.org to the non canonical redirect service

https://gerrit.wikimedia.org/r/533213

gerritbot added a comment.Aug 29 2019, 2:02 PM

Change 533219 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/dns@master] Point wikimedia.community to the non canonical redirect service

https://gerrit.wikimedia.org/r/533219

gerritbot added a comment.Aug 29 2019, 2:30 PM

Change 533213 merged by BBlack:
[operations/dns@master] Point wikimania.org to the non canonical redirect service

https://gerrit.wikimedia.org/r/533213

gerritbot added a comment.Aug 29 2019, 2:33 PM

Change 533219 merged by BBlack:
[operations/dns@master] Point wikimedia.community to the non canonical redirect service

https://gerrit.wikimedia.org/r/533219

gerritbot added a comment.Aug 29 2019, 2:38 PM

Change 533141 merged by BBlack:
[operations/puppet@production] redirects.dat: Get rid of non canonical domains rules

https://gerrit.wikimedia.org/r/533141

gerritbot added a comment.Aug 29 2019, 2:41 PM

Change 533142 merged by BBlack:
[operations/puppet@production] redirects.dat: Enforce HTTPS for canonical domains

https://gerrit.wikimedia.org/r/533142

gerritbot added a comment.Nov 14 2019, 9:18 PM

Change 550931 had a related patch set uploaded (by BBlack; owner: BBlack):
[operations/puppet@production] VCL: Remove host regex from TLS redirect and STS

https://gerrit.wikimedia.org/r/550931

gerritbot added a comment.Nov 15 2019, 6:27 PM

Change 550931 merged by BBlack:
[operations/puppet@production] VCL: Remove host regex from TLS redirect

https://gerrit.wikimedia.org/r/550931

gerritbot mentioned this in T53700: https://login.wikimedia.beta.wmflabs.org/ trapped in an infinite self-redirect.Dec 19 2019, 7:47 AM
RobH unsubscribed.Mar 3 2020, 6:03 PM
Ladsgroup awarded a token.Oct 19 2020, 8:38 AM
Ladsgroup subscribed.
Base subscribed.Mar 27 2021, 4:52 PM
Aklapper removed a project: Patch-For-Review.Apr 2 2021, 9:44 AM

@Vgutierrez: Hi, all related patches in Gerrit have been merged or abandoned. Is there more to do in this task? Asking as you are set as task assignee. Thanks in advance! (You can change the task status via Add Action...Change Status in the dropdown menu.)

Aklapper closed this task as Resolved.Jun 17 2021, 9:30 PM

@Vgutierrez: No reply; assuming this is resolved. If not, please reopen.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL