http://stream.wikimedia.org doesn't redirect to HTTPS. T134871 is about moving it behind cache_misc to standardize termination and not need a separate certificate, but VCL has also been updated there to do the same as the current direct service (not redirect HTTPS). Whichever path we go down, we need to eventually close off the insecure access here.
Description
Description
Event Timeline
Comment Actions
Note: based on simple test python and javascript clients, websocket client libraries tend to not support 301 redirects to HTTPS. So we'll probably have to go through a slightly-painful migration here as we did with T105794 with some user notification and timelines, and then watch un-observant clients get broken :/