Page MenuHomePhabricator

Investigate https for our redirects
Closed, ResolvedPublic

Description

Many of our domains (e.g. wikilovesmonuments.se) are only redirects to wikimedia.se sub-domain or a WMF controlled site (there are some additional destinations).

Investigate how to best set up certificates for these (the redirects) to also allow https traffic (where the destination already supports https.

Event Timeline

Brought to attention by:

Some of these redirects live in Loopia, others are implemented on GleSys where the server might be too old to support LetsEncrypt.

drift@ should be the contact email in all of the certificates.

Stickning this in OrgDev since ut is mode about cleaning up our infrastructure (everything should be https) than anything else.

I checked with Loopia and it's not possible to make a redirect from https in their system. We should ask Generation to add certificates for the needed subdomains.

Lokal_Profil moved this task from Backlog to Done on the User-Sebastian_Berlin-WMSE board.

I checked with Loopia and it's not possible to make a redirect from https in their system. We should ask Generation to add certificates for the needed subdomains.

Thanks.

The ones related to our new website are handled in T226367: Broken redirects after moving homepage
For the ones related to our membership system see T228842: Check with Zynatic about SSL-certs for our subdomains
Any that go to a WMF site, including our chapter wiki, we'll simply have to abandon for now.

Lokal_Profil moved this task from Backlog to Done on the User-LokalProfil board.

For the sake of comleteness. The alternative would be for us to set up a thin server which handles the redirects (rather than doing them in Loopia), that server should then be able to hold the SLL certs for the aliases.

Lokal_Profil closed this task as Resolved.Sep 2 2019, 8:19 AM

For the sake of comleteness. The alternative would be for us to set up a thin server which handles the redirects (rather than doing them in Loopia), that server should then be able to hold the SLL certs for the aliases.

This feels like overkill for now. With T226367 being resolved and T228842 being declined I'd say we can close this.