**Project Name:** fr-tech-dev
**Wikitech Usernames of requestors:** **andyrussgg, jgleeson
**Purpose:** Provide publicly accessible endpoints with DNS names,WMF managed internet-facing development server to assist Fundraising-Tech in testing and developing payment integrations.
**Brief description: **Fundraising Tech develops integrations with payment processors. for Fundraising TechSeveral of these integrations include processes where the payment processors make requests to our systems.
During the development & testing phases, for developing and testing payment processor integrations.
**Brief description:** [[ https://www.mediawiki.org/wiki/Fundraising_tech?we need to receive traffic transmitted from the payment processors servers and redirect it to our local development environments to confirm the integrations work as intended. Historically, we have accomplished this using tools such as ngrok, | Fundraitemporarily exposing Tech ]]our local develops integrations with payment processors for donors to send funds to the WMFment environments to the internet on free tiers of the product. Several of these integrations include processes where the payment processors make requests to our systemsThis approach isn't ideal as it requires us to transmit potentially sensitive integration data via a third party service. To properly develop and test these integrationsAlso, we need endpoints with valid DNS entries.with some payment processors, Developers can open ssh tunnels on these systemswe must have fixed URLs and valid SSL/TLS certificates to receive traffic, forwarding ports 80 and 443 to their localwhich ngrok does not provide on the free tier.
To properly development systems. and test these integrations, For the time beingwe need a list of fixed WMF managed URLs running over HTTPS, no other software is needed,which we can share with payment processors during the setup stages of the integration. just ssh-accessible VPSs with DNS entries,Those addresses will point to a single cloud VM on which fundraising-tech developers can connect to and configure ssh tunnels to intercept any traffic received to be processed and tested locally. and the option to have SSL certificates for these DNS entries (and the ability to the download private keys of the SSL certs to the local development systems)This project will receive very little traffic as the URLs will only be used during development and testing by engineers on Fundraising Tech.
**How soon you are hoping this can be fulfilled:** Possibly sometime within the next few weeks? Until now, we have been using AWS and, at times, a free, external forwarding service ([[ https://ngrok.com/ | ngrok ]]), but it would be preferable to move this to WMF infrastructureWe have deliberately kept this project outside the fundraising server cluster to allay any PCI concerns and remove the possibility of accidentally exposing donor data stored on the cluster.
Thanks so much!!!**How soon you are hoping this can be fulfilled: **ASAP. Our latest integration with Apple Pay requires us to specify a list of URLs to generate certificates to so that we can receive payment traffic during testing. We're currently using AWS in place of a proper solution, but we'd like to keep all this traffic on WMF-managed infrastructure for the reasons mentioned above.