Page MenuHomePhabricator

[OPS] stats.wikimedia.org not HTTPS enabled
Closed, ResolvedPublic

Description

When trying to access stats.wikimedia.org via https:// (I just did a copy and paste of url), it throws up an authentication form for username and password with text "Nagios Access". I am not sure whether this is the expected behaviour.


Version: unspecified
Severity: normal
URL: https://stats.wikimedia.org
See Also:
https://rt.wikimedia.org/Ticket/Display.html?id=4749

Details

Reference
bz32143

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 12:07 AM
bzimport added projects: HTTPS, acl*sre-team.
bzimport set Reference to bz32143.

No, this is a bug. I've filed it in the ops team's RT tracker but it's not getting any love there so far.

(In reply to comment #2)

Link to RT ticket?

https://rt.wikimedia.org/Ticket/Display.html?id=1614

Ryan replied on Oct 3 saying the web server on spence isn't puppetized, no activity otherwise.

if the new "stat1" server currently being setup will host stats.wm, that should be resolved there soon.

stats.wikimedia.org does not listen to HTTPS. Rephrasing summary.

I have created RT #4749 to request HTTPS for stats.wikimedia.org.

Quick update from RT ticket:

DONE: Cert is purchased and in public repo in files/ssl/stats.wikimedia.org.pem . The key is in private repo.
TODO: The manifests for the stats.w.o site need to be updated in puppet to make use of the certificates.

https://stats.wikimedia.org/ works but with the wrong cert.

stats.wikimedia.org uses an invalid security certificate.

The certificate is only valid for metrics.wikimedia.org

i don't see the Apache config for this in puppet. I just see the template for metrics.wm. Or where is it?

https://gerrit.wikimedia.org/r/#/c/85971/
https://gerrit.wikimedia.org/r/#/c/85973/
https://gerrit.wikimedia.org/r/#/c/85981/
https://gerrit.wikimedia.org/r/#/c/85984/

and then finally

--> https://stats.wikimedia.org/

08:12 < mutante> drdee: summary: https://stats.wikimedia.org/ (no cert error), https://metrics.wikimedia.org/ (no cert error), -not using wildcard certs, -puppet run unbroken, -apache site is template

metrics.wikimedia and stats.wikimedia now both use their own certs, no "star" certs around here :)