Page MenuHomePhabricator

Move servermon.wikimedia.org behind misc-web
Closed, ResolvedPublic

Description

To reuse the certificate and avoid HTTPS warnings, plus consistency

Event Timeline

akosiaris raised the priority of this task from to Needs Triage.
akosiaris updated the task description. (Show Details)
akosiaris added a project: acl*sre-team.
akosiaris added a subscriber: akosiaris.

https://gerrit.wikimedia.org/r/#/c/188389/ should be the relevant changes for misc-web-lb for this. (As long as servermon is using normal HTTP port only.)

Dzahn triaged this task as Medium priority.
Dzahn set Security to None.
gerritbot added a subscriber: gerritbot.

Change 188723 had a related patch set uploaded (by Dzahn):
switch servermon to misc-web

https://gerrit.wikimedia.org/r/188723

Patch-For-Review

Change 188723 merged by Dzahn:
switch servermon to misc-web

https://gerrit.wikimedia.org/r/188723

Change 190280 had a related patch set uploaded (by Dzahn):
servermon: include Apache mod_headers

https://gerrit.wikimedia.org/r/190280

Patch-For-Review

Change 190280 merged by Dzahn:
servermon: include Apache mod_headers

https://gerrit.wikimedia.org/r/190280

servermon.wikimedia.org is an alias for misc-web-lb.eqiad.wikimedia.org.

..
* About to connect() to servermon.wikimedia.org port 443 (#0)
..
* Connected to servermon.wikimedia.org (208.80.154.241) port 443 (#0)
* Server certificate:
* 	 subject: C=US; ST=California; L=San Francisco; O=Wikimedia Foundation, Inc.; CN=*.wikimedia.org
..
> Host: servermon.wikimedia.org
< HTTP/1.1 401 Authorization Required
.< Server: nginx/1.1.19

Change 190298 had a related patch set uploaded (by Dzahn):
servermon: turn RewriteEngine on for proto redirect

https://gerrit.wikimedia.org/r/190298

Patch-For-Review

Change 190298 merged by Dzahn:
servermon: turn RewriteEngine on for proto redirect

https://gerrit.wikimedia.org/r/190298

curl -vvv http://servermon.wikimedia.org
..
< HTTP/1.1 301 Moved Permanently
< Server: Apache/2.2.22 (Ubuntu)
< Vary: X-Forwarded-Proto,Accept-Encoding
< Location: https://servermon.wikimedia.org/

^ enforces https. resolving

Hey, thanks for taking care of this!!!

As far as librenms goes, I 'd rather we didn't. It is way more vital as a monitoring tool than servermon (especially during network outages) and the less dependencies we got that could malfunction while accessing it, the better.