Page MenuHomePhabricator
Create Task
Maniphest T180696

Terminate Thumbor with SSL
Closed, InvalidPublic
Actions

Description

In order to allow having Mediawiki talk directly to Thumbor for thumb.php, Thumbor needs to be available behind a secure connection. In the public thumbnail scenario that SSL termination is done at the Swift level, which is bypassed by thumb.php.

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved GillesT169144 Serve thumb.php requests with Thumbor
 InvalidhnowlanT180696 Terminate Thumbor with SSL

Event Timeline

Gilles created this task.Nov 16 2017, 3:15 PM
Gilles moved this task from Inbox, needs triage to Radar on the Performance-Team board.Nov 20 2017, 9:17 PM
Gilles edited projects, added Performance-Team (Radar); removed Performance-Team.
Krinkle moved this task from Limbo to Watching on the Performance-Team (Radar) board.Nov 20 2017, 9:22 PM
Gilles added a comment.Dec 6 2017, 10:13 AM

@fgiunchedi I'd like to add private wiki support for Thumbor as a Q3 goal. Will you have the bandwidth to handle this task next quarter?

fgiunchedi added a comment.Dec 11 2017, 10:43 AM

@Gilles if the scope is just securing thumbor with https then certainly. Do you envision any other help from ops besides e.g. build/deploy ?

Gilles added a comment.Dec 11 2017, 11:51 AM

I don't expect any other work, no. This task really is only about adding SSL termination to Thumbor, so that Mediawiki can talk to it directly securely, since in the private wiki/thumb.php scenario we're not going through the Swift proxy.

fgiunchedi added a comment.Dec 13 2017, 9:56 AM

Yup seems simple enough!

fgiunchedi added a project: User-fgiunchedi.Feb 21 2018, 9:02 AM
Gilles moved this task from Backlog to Radar on the Thumbor board.Mar 14 2018, 7:35 AM
fgiunchedi moved this task from Backlog to Radar on the User-fgiunchedi board.May 13 2019, 8:59 AM
fgiunchedi removed fgiunchedi as the assignee of this task.Jul 19 2019, 9:31 AM
fgiunchedi removed a project: User-fgiunchedi.

Thumbor ownership has moved to service operations, unassigning

jijiki added projects: serviceops, User-jijiki.Jul 19 2019, 9:46 AM
jijiki subscribed.

TLS on haproxy it is then:)

jijiki moved this task from Incoming 🐫 to API Gateway 🥌 on the serviceops board.Jul 26 2019, 10:27 AM
Joe moved this task from API Gateway 🥌 to Incoming 🐫 on the serviceops board.Sep 11 2019, 7:20 AM
jijiki claimed this task.Sep 11 2019, 2:53 PM
Joe subscribed.Sep 16 2019, 3:04 PM
In T180696#5349006, @jijiki wrote:

TLS on haproxy it is then:)

We're trying to standardize TLS termination on envoy, and I think we should concentrate on moving thumbor to kubernetes next.

jijiki added a comment.Sep 23 2019, 3:02 PM

@Joe we will be moving towards this direction

jijiki moved this task from Inbox 🐅 to In Progress 🏋️‍♀️ on the User-jijiki board.Oct 7 2019, 11:41 AM
jijiki moved this task from Incoming 🐫 to 🔦Unused2 on the serviceops board.Aug 17 2020, 11:47 PM
jijiki moved this task from In Progress 🏋️‍♀️ to St on the User-jijiki board.Sep 8 2020, 10:14 AM
jijiki moved this task from St to Thumbor on the User-jijiki board.Sep 8 2020, 10:22 AM
Aklapper removed jijiki as the assignee of this task.Mar 13 2022, 7:52 PM

Removing task assignee due to inactivity, as this open task has been assigned for more than two years. See the email sent to the task assignee on February 06th 2022 (and T295729).

Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be welcome.

If this task has been resolved in the meantime, or should not be worked on ("declined"), please update its task status via "Add Action… 🡒 Change Status".

Also see https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator.

TheDJ added a project: Thumbor Migration.Aug 17 2022, 1:02 PM
TheDJ subscribed.

I'm speculating here that this will be automatically fixed by the thumbor migration, which I assume already will do ssl termination ?

hnowlan claimed this task.Aug 18 2022, 2:54 PM
hnowlan closed this task as Invalid.Sep 28 2022, 3:48 PM

Closing this ticket as we will get it automatically as part of the Kubernetes migration.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL