The puppetmaster is one of the very few remaining origin servers available only via plain HTTP, see T108580#6488253. We should make it available via HTTPS instead to ensure that traffic between ATS and the puppetmasters (used for https://config-master.wikimedia.org) is encrypted.
Description
Description
Details
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | • ema | T108580 HTTPS for internal service traffic | |||
Resolved | jbond | T263831 puppetmaster[12]001: add TLS termination |
Event Timeline
Comment Actions
Change 650154 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] httpd: Add abbility to remove the defauls ports configueration
Comment Actions
Change 650155 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/puppet@production] puppetmaster: remove default apache ports from puppetmaster
Comment Actions
Change 650154 merged by Jbond:
[operations/puppet@production] httpd: Add abbility to remove the defauls ports configueration
Comment Actions
Change 650155 merged by Jbond:
[operations/puppet@production] puppetmaster: remove default apache ports from puppetmaster