By providing acme-chief support in compile_redirects() we can keep redirects.dat as the source of truth for both web server configuration and list of SNIs for issuance of TLS certificates.
Description
Description
Details
Details
| Project | Branch | Lines +/- | Subject | |
|---|---|---|---|---|
| operations/puppet | production | +32 -4 | redirects.dat: Provide acme-chief/TLS SNI list support in compile_redirects() |
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | • ema | T108827 Investigate TCP Fast Open for tlsproxy | |||
| Declined | None | T107236 Switch port 80 to nginx on primary clusters | |||
| Open | None | T101048 Policy decisions for new (and current) DNS domains registered to the WMF | |||
| Resolved | BBlack | T104681 HTTPS Plans (tracking / high-level info) | |||
| Resolved | Vgutierrez | T214253 en.wikipedia.com [sic] serves an invalid certificate | |||
| Resolved | Vgutierrez | T190244 en-wp.org certificate error | |||
| Open | Vgutierrez | T133548 Create a secure redirect service for large count of non-canonical / junk domains | |||
| Open | Vgutierrez | T225096 Provide acme-chief/TLS SNI list support in compile_redirects() |
Event Timeline
Comment Actions
Change 514477 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] redirects.dat: Provide acme-chief/TLS SNI list support in compile_redirects()