"Shouldn't be hard!" -- famous last words
With the introduction of toolforge.org and use of the wmcloud.org domain by several projects which are managing their own LE certificates and DNS, folks are starting to ask about using *.wmcloud.org through the Horizon managed shared proxy system. We need a larger project to coordinate complete migration from *.wmflabs.org to *.wmcloud.org, but it would be reasonable to start allowing opt-in use of *.wmcloud.org via domain proxy.
There are really 2 use cases to consider here:
- Brand new services: An new service being created after the feature is available should just use its $NAME.wmcloud.org name with no $NAME.wmflabs.org equivalent.
- Ideally it would not be possible to create a new legacy $NAME.wmflabs.org proxy at this point to reduce confusion for folks who find the system for the first time.
- It should be possible to change the upstream target for an existing $NAME.wmflabs.org proxy at this time however, which is maybe a reason to implement T140391: Allow users to edit proxies first?
- Legacy services: A service that has previously used $NAME.wmflabs.org should be able to:
- Setup $NAME.wmcloud.org as an alternate service name pointing to the same or different backend service for testing
- Request that $NAME.wmflabs.org 308 redirect to $NAME.wmcloud.org at the front proxy once testing confirms that things are working under the new hostname
- Once a redirect is setup, $NAME.wmflabs.org should continue to exist in DNS indefinitely to support "cool URLs don't change" functionality. Eventually these could move from pointing to domain proxy to pointing to a static proxy which only does $NAME.wmflabs.org -> $NAME.wmcloud.org 308 redirection