Page MenuHomePhabricator
Create Task
Maniphest T303725

Extend NEL headers to sites not fronted by CDN
Open, LowPublic
Actions

Description

We have a bunch of sites that are not fronted by the CDN. This also means they generally only live in eqiad and/or codfw, which also means that users in EMEA/Asia/etc take a totally different path to these sites than they do to the CDN.

We've had a few issues recently where SREs and other technical contributors have been unable to reach sites like gerrit, lists.wm.o, integration.wm.o, icinga.wm.o, etc.

Let's make these sites also serve the same NEL headers as production.

Probably the best way to do this is to define some top-level hiera with a map of names and values for headers (we need to serve both NEL: and Report-To:) and then modify other Puppet code to reference this hiera as needed (whether Apache or Nginx config snippets).

We can also make the current gross mess that is in wikimedia-frontend.vcl.erb be generated from this hiera as well.

Related Objects
Search...

Event Timeline

CDanis created this task.Mar 14 2022, 1:50 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 14 2022, 1:50 PM
CDanis triaged this task as Low priority.Mar 14 2022, 1:50 PM
Legoktm awarded a token.Mar 14 2022, 3:37 PM
Legoktm subscribed.
Ladsgroup awarded a token.Aug 9 2022, 7:45 PM
CDanis added a subscriber: taavi.Sep 12 2022, 4:04 PM

As a note, such sites also include "everything on WMCS / toolserver" and it would probably be good to extend NEL to that as well.

RhinosF1 subscribed.Sep 12 2022, 4:11 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL