Page MenuHomePhabricator

Investigate setting up HTTPS directly on beta appservers
Open, Needs TriagePublic

Description

This is related to T206003.
<Krenair> _joe_, when you say 'an https interface to mediawiki'
<Krenair> you're not talking about the nginx/varnish layer being able to talk HTTPS are you?
<Krenair> i.e. https://en.wikipedia.beta.wmflabs.org/wiki/Main_Page
<_joe_> Krenair: no I mean TLS on the application servers in beta
<_joe_> we have it in production, we should add it there too, even though it's not as necessary
<Krenair> _joe_, what certs do you use for that in prod?
<_joe_> just to allow people to test connecting apps via TLS, which is a sane practice
<Krenair> puppet?
<_joe_> we generate certs with the puppet CA
<Krenair> so, extra certs from the puppet CA that aren't the host's normal puppet certs?
<_joe_> if you ping me in a couple weeks (post-switchback), I can show you how it's done or do it myself
<_joe_> yes

I might look into this before then to try to bring beta closer to prod setup again. It may involve completion of the apache config consolidation, should look at where Giuseppe got to with the prod apache changes.