Page MenuHomePhabricator

wikiba.se should use HTTPS
Open, LowPublic

Description

The website wikiba.se seems not to be supporting HTTPS yet.

Related Objects

Event Timeline

abian created this task.Jan 15 2017, 5:36 PM
Restricted Application added a project: Traffic. · View Herald TranscriptJan 15 2017, 5:36 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
abian renamed this task from Switch wikiba.se to HTTPS to wikiba.se should use HTTPS.Jan 15 2017, 5:44 PM
Restricted Application added a project: Operations. · View Herald TranscriptJan 15 2017, 5:44 PM
Lydia_Pintscher triaged this task as Low priority.Jan 15 2017, 7:39 PM

T153563 is still open as well.

ema moved this task from Triage to TLS on the Traffic board.Jan 16 2017, 6:48 PM

wikiba.se is not owned by WMF and doesn't point to WMF DNS servers and the IP it points to is also not under our control.

Therefore i don't really see how this is an Operations/Traffic thing or what is expected from ops at this stage.

Dzahn changed the task status from Open to Stalled.Jan 17 2017, 4:23 PM

wikiba.se is not owned by WMF and doesn't point to WMF DNS servers and the IP it points to is also not under our control.

Therefore i don't really see how this is an Operations/Traffic thing or what is expected from ops at this stage.

Neither do I. Those tags were automatically added. :S

Restricted Application added a project: Traffic. · View Herald TranscriptJan 17 2017, 4:38 PM
hashar added a subscriber: hashar.Jan 18 2017, 11:42 AM

Per H131 whenever a task has the tag HTTPS associated to it, Traffic is automatically added. Then on a next edition Operations is added because Traffic is present.

Restricted Application added a project: Operations. · View Herald TranscriptJan 18 2017, 11:42 AM
matmarex added a subscriber: matmarex.

The description of HTTPS says "Issues about HTTPS and SSL encryption on Wikimedia servers.", so clearly the solution is to just remove it. :)

Jay8g added a subscriber: Jay8g.Jan 19 2017, 2:29 AM

wikiba.se is not owned by WMF and doesn't point to WMF DNS servers and the IP it points to is also not under our control.

Just curious: who does? WMDE?

hashar removed a subscriber: hashar.Jan 19 2017, 7:45 AM

Just curious: who does? WMDE?

Yes.

Namn	Abraham Taherivand
Företag	Wikimedia Deutschland e.V.
Restricted Application added a subscriber: PokestarFan. · View Herald TranscriptJul 25 2017, 8:39 PM

Who controls this?
That copy of the site is out of date now and we should probably get rid of it, or update it, but at the end of the day solve T99531

Addshore moved this task from Unsorted 💣 to Watching 👀 on the User-Addshore board.
Addshore moved this task from incoming to blocked on others on the Wikidata board.

Who controls this?

For unknown reasons the Horizon web interface doesn't show the proxy "wikibase.wmflabs.org" in the project "wikidata-dev" context. (bug)

But it could be found here: https://tools.wmflabs.org/openstack-browser/proxy/

The project is: https://tools.wmflabs.org/openstack-browser/project/wikidata-dev

You can see the list of admins there.

The puppet role is role(wikibase) which i once wrote and it's applied via "prefix puppet" on "all VMs in the wikidata-dev project whose names begin with 'wikibase'.".

What this role does is git clone the deploy repo (wikibase/wikiba.se-deploy). So if that's out of date then either the deploy repo is out of date or the git cloning stopped working.

What this role does is git clone the deploy repo (wikibase/wikiba.se-deploy). So if that's out of date then either the deploy repo is out of date or the git cloning stopped working.

Thanks, updated in https://gerrit.wikimedia.org/r/#/c/wikibase/wikiba.se-deploy/+/453684/

for status on HTTPs for that please see T99531#4511979

T199711 is a deployment task for wikimedia prod, I don't think it will affect this?

I added it because T99531#4511979 says resolving T199711 "makes this whole thing simpler and zero cert cost". and that would include this ticket here afaict.

right, that makes it a subtask rather than parent task I think :)

Dzahn changed the task status from Stalled to Open.Apr 2 2019, 10:19 AM

This is now unstalled. We have a certificate now and it is basically in WMF prod, just DNS has not been switched yet and we need to add some redirects and HSTS.

06:06 < vgutierrez> so.. right now if you set wikiba.se in /etc/hosts or using curl --resolve to point to one of our text-lb you should get the wikiba.se hosted in WMF
06:06 < vgutierrez> something like curl --resolve wikiba.se:443:91.198.174.192 https://wikiba.se
06:06 < vgutierrez> currently the TLS certificate supports wikiba.se and www.wikiba.se
MasinAlDujailiWMDE added a comment.EditedApr 12 2019, 12:51 PM

I am out of this. Currently, ns[0-2].wikimedia.org are authoritative for wikiba.se: T99531#4862262.

I guess we need to update operations/dns then?

that's right, operations/dns manages wikiba.se

I am out of this. Currently, ns[0-2].wikimedia.org are authoritative for wikiba.se: T99531#4862262.

Do you know anything about the domain ownership transfer though?

I guess we need to update operations/dns then?

Next is deploying https://gerrit.wikimedia.org/r/c/operations/puppet/+/500715 for T99531#5077170

and then https://gerrit.wikimedia.org/r/c/operations/puppet/+/500695

and then WMDE and WMF have to agree on the domain transfer ownership (Lydia said she will ping some people to find out)

looks like we are not going to do https://gerrit.wikimedia.org/r/c/operations/puppet/+/500711

Also note since recently we now have wikibase.org (https://gerrit.wikimedia.org/r/c/operations/dns/+/503154)

  • done

and then https://gerrit.wikimedia.org/r/c/operations/puppet/+/500695

  • done

and then WMDE and WMF have to agree on the domain transfer ownership (Lydia said she will ping some people to find out)

  • still to do

looks like we are not going to do https://gerrit.wikimedia.org/r/c/operations/puppet/+/500711

  • stalled / abandon?

Also note since recently we now have wikibase.org (https://gerrit.wikimedia.org/r/c/operations/dns/+/503154)

  • I don't assume you guys are interested in switching domains? heh