Page MenuHomePhabricator add TLS termination
Open, MediumPublic


contint is one of the very few remaining origin servers available only via plain HTTP, see T108580#6488253. We should make it available via HTTPS instead to ensure that traffic between ATS and contint is encrypted.

Event Timeline

ema created this task.Sep 25 2020, 8:12 AM
Restricted Application added a project: Operations. · View Herald TranscriptSep 25 2020, 8:12 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Dzahn added a subscriber: Dzahn.Sep 25 2020, 6:43 PM

This was basically all done: tlsproxy::envoy: allow limiting firewall srange - ATS: use contint service alias as backend for add fake key ci::master: add envoy for TLS termination for integration add certificate for contint/ add service alias for contint machines - ATS: switch contint backend to use TLS

except at the end I had to revert Revert "ATS: switch contint backend to use TLS"

all that is needed is that last fix

ArielGlenn triaged this task as Medium priority.Sep 28 2020, 9:35 AM
ema moved this task from Triage to Feature Requests on the Traffic board.Tue, Nov 24, 3:19 PM