HomePhabricator

Add HTTPS support to parsoid varnishes

Authored by akosiaris.

Description

Add HTTPS support to parsoid varnishes

Parsoid varnishes never supported HTTPS. This was intentional but right
now parsoid services also host cxserver and very soon citoid (see
T76949). Those are public services that are fetched via XHR and browsers
at this point throw warnings about fetching resources insecurely. Chrome
38 and above however, block the request. As does Firefox 23 and above
Use role::cache::ssl::parsoid to terminate HTTPS on the parsoid varnishes
via nginx and pass the HTTP request to the varnish backend. The new
class role::cache::ssl::parsoid just adds the wikimedia and
m.wikimedia.org certificates and the unified to support older clients

Bug: T86847
Change-Id: I83574f6a92d28bcbc59d9fe412406516293782da

Details

Committed
akosiarisJan 15 2015, 3:27 PM
Parents
rOPUP646cd10e1f9d: certs: kill create_combined_cert
Branches
Unknown
Tags
Unknown
ChangeId
I83574f6a92d28bcbc59d9fe412406516293782da