Page MenuHomePhabricator

Point rel=canonical to HTTPS on every page
Closed, ResolvedPublic


I propose setting $wgEnableCanonicalServerLink = true everywhere, and setting $wgCanonicalServer to HTTPS on all servers except Chinese language wikis.

We did this with, and so we know with some confidence that it will cause Google to provide links directly to the https website. This will cause most of our traffic to go to HTTPS.

I'm filing this to create a place for discussion, rather than as an immediate action item. Before this can be done, the SSL cluster would have to be expanded significantly, assuming Ganglia capacity data is correct -- maybe by a factor of 10. It may be simplest to wait until HTTPS is sent directly to Varnish, but even then, some proper capacity calculations would be in order.

This would be an alternative to T50402: rel=canonical of https pages should point to http and a significant step towards T49832: Force all Wikimedia cluster traffic to be over SSL for all users (logged-in and anon).


As I've stated before, personally I'd prefer to do the hard redirects before the rel=canonical during the initial rollout process, simply because it's easier to take back in realtime if anything doesn't work out as planned in terms of load and capacity. We already have a process down for this stuff. It's not my place to speak to the rest, but I assure you people are aware and working on it.

See Also:



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 2:01 AM
bzimport added a project: HTTPS.
bzimport set Reference to bz51002.
bzimport added a subscriber: Unknown Object (MLST).

How about first setting canonical to HTTPS for all projects that have signed up for the HTTPS Beta program?

Generally rel=canonical will be the final step for a given site, after redirects and such are in place. In the general case, all of that is still pending on the rest of the work in the HTTPS-by-default project, scheduled for circa end-of-March, at which point we can start deciding when and in what order various sites are enabled as part of an operational rollout plan.

If we switched over rel=canonical first, we wouldn't have to redirect so many users. So the site would seem faster.

Either way, we'll need a deployment plan that gradually increases load going by wiki domainnames (or sets of them), rather than turning them all on at once. I'm inclined to redirect first because we have more-immediate control there in terms of seeing and reacting to load changes.

Either way please first change the sites URL in Wikidata by contacting either @hoo or @aude. Because of an implementation detail otherwise editing language links breaks. As a side effect of such a change the language links would change to HTTPS.

Note, that this has happened for 7 languages (See 8f99d5f4)

Based on I imagine the other languages are not far behind.