Page MenuHomePhabricator

stream.wikimedia.org: remove legacy rcstream/socket.io HTTPS redirect hole punches
Closed, ResolvedPublic

Description

These hole-punches in the wikimedia-frontend VCL template are supposed to go away, most likely when the rcstream service is replaced entirely by the newer eventstream service. I noticed we didn't have a task tracking this specific outstanding HTTPS issue, so making one here as a reminder!

Event Timeline

BBlack created this task.Jun 26 2017, 11:01 PM
Restricted Application added a project: Operations. · View Herald TranscriptJun 26 2017, 11:01 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript

@Ottomata - Any high level new info about timetables for deprecating and then removing the RCStream stuff in favor of EventStreams ( T130651 )? If it looks like it might drag on a while, we might want to go back to the idea of announcing an HTTPS-only transition ahead of the removal, perhaps. The main issue there was that at least some RCStream clients don't seem to follow redirects to HTTPS, and therefore would need manual updates of their configs to use https:// or wss:// or they get broken.

I took a peek at the most recent full day of stats in rcstream's logs, for reference, and found:

Only ~8% of requests use HTTPS
However, ~89% of requesting client IPs use HTTPS
Digging into the non-HTTPS client IPs, the overhelming majority of them are from various IPs belonging to googleusercontent.com, and most of the rest is a couple of isolated EC2 instances....

( Note also ori did a soft announce of HTTPS transition for it about a year ago, but with no target date for disabling plain HTTP: https://lists.gt.net/wiki/wikitech/719999 . This was around the same time RCStream's wikitech docs had their URLs switched to HTTPS as well ).

BBlack moved this task from Triage to TLS on the Traffic board.Jun 27 2017, 5:59 PM

Answering my own timeline question, it looks like it was announced that RCStream goes away July 7th!

Yup! I just got back from vacation, but baring some unknown blocker, plan to turn it off this week. (still checking emails though!)

BBlack closed this task as Resolved.Jul 11 2017, 12:58 AM
BBlack claimed this task.

This hole was removed today in https://gerrit.wikimedia.org/r/#/c/364252 , so this is resolved assuming we don't revert (unlikely!). \o/