|Open||None||T106913 Use Sentry on non-production Wikimedia wikis, Toolforge and other sites/tools|
|Declined||None||T106915 Use Sentry in production|
|Declined||None||T106920 Integrate Sentry with beta cluster|
|Open||None||T189531 All Wikimedia developer services should use single sign-on|
|Open||None||T97133 Login integration for Sentry|
The task is private.
The current Sentry role used nginx (that was recommended in the Sentry docs, presumably because it scales better). Nginx does not have native LDAP support. On the internets people usually recommend compiling in nginx-auth-ldap, which does not inspire confidence.
Maybe I can run both apache and nginx, on different ports/vhosts? The user interface does not need to scale and the logging interface does not need auth. I am not sure I can set separate base URLs for them though. Or just discard nginx completely and how apache will be fine under load. Or go back to django_ldap_auth...
Thanks, I'll do that.
I'm not sure I understand the point of having two vhosts. Can't you just configure mod_authnz to ask for credentials but then not require valid-user, or use mod_authn_anon?