1054281 - https support for fxos.cdn.mozilla.net

Status: VERIFIED FIXED

(Cloud Services :: Operations: Deployment Requests - DEPRECATED, task)

Description

[Kevin Grandon :kgrandon]

We are currently utilizing a CDN for Firefox OS only for a few images, but we would now like to start leveraging it for some scripts as well. In order to leverage this, we would like to add https support for this the CDN at: fxos.cdn.mozilla.net.

Comment 1

[Kevin Grandon :kgrandon]

Benson - Could you let us know which component these types of bugs for the CDN would best go into? Thanks!

Comment 2

[Benson Wong [:mostlygeek]]

The place to put these is in: Mozilla Services :: Operations: Deployment Requests

We'll need to get a new SSL certificate for this. Is it ok if we support TLS SNI only? Otherwise our costs will be quite a bit more / month as we'll require a dedicated IP address.

Comment 3

[Kevin Grandon :kgrandon]

(In reply to Benson Wong [:mostlygeek] from comment #2)
> The place to put these is in: Mozilla Services :: Operations: Deployment
> Requests
> 
> We'll need to get a new SSL certificate for this. Is it ok if we support TLS
> SNI only? Otherwise our costs will be quite a bit more / month as we'll
> require a dedicated IP address.

I believe this is *only* needed for FxOS devices which should support SNI afaik.

Comment 4

[Benson Wong [:mostlygeek]]

Seems like we have a *.cdn.mozilla.net SSL cert. We should be able to get this into AWS and get it on the CDN.

Comment 5

[Benson Wong [:mostlygeek]]

cloudfront is still updating globally but: 

bwong-09481:tiles bwong$ curl -v https://fxos.cdn.mozilla.net/addi-frozen-cake.jpg > /dev/null
* Adding handle: conn: 0x7fa8d2804400
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fa8d2804400) send_pipe: 1, recv_pipe: 0
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* About to connect() to fxos.cdn.mozilla.net port 443 (#0)
*   Trying 54.230.143.133...
* Connected to fxos.cdn.mozilla.net (54.230.143.133) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: fxos.cdn.mozilla.net
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0> GET /addi-frozen-cake.jpg HTTP/1.1
> User-Agent: curl/7.30.0
> Host: fxos.cdn.mozilla.net
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: image/jpeg
< Content-Length: 160075
< Connection: keep-alive
< Date: Tue, 19 Aug 2014 21:31:24 GMT
< Last-Modified: Fri, 04 Jul 2014 16:23:12 GMT
< ETag: "b01ab1f58eb4e4f43a31d5beb0d4b479"
* Server AmazonS3 is not blacklisted
< Server: AmazonS3
< Age: 17
< X-Cache: Hit from cloudfront
< Via: 1.1 17d8abe7315d00a9aa5a5ff2e9c3ee62.cloudfront.net (CloudFront)
< X-Amz-Cf-Id: ZJWJQI2q_qXSCjH-D8fEq4-jiK71ptvW2lSLHhAPXNthaSqbuUcacA==
<
{ [data not shown]
100  156k  100  156k    0     0   216k      0 --:--:-- --:--:-- --:--:--  216k
* Connection #0 to host fxos.cdn.mozilla.net left intact

Comment 6

[Tim Guan-tin Chien [:timdream] (please needinfo)]

Kevin, should we file another bug to change the reference to the CDN to HTTPS?

Comment 7

[Kevin Grandon :kgrandon]

(In reply to Tim Guan-tin Chien [:timdream] (MoCo-TPE) (please ni?) from comment #6)
> Kevin, should we file another bug to change the reference to the CDN to
> HTTPS?

We currently only use the cdn for static image assets. I would normally say that it probably isn't needed but if you feel strongly that it is, go ahead and file a bug and CC me.

Comment 8

[Tim Guan-tin Chien [:timdream] (please needinfo)]

(In reply to Kevin Grandon :kgrandon from comment #7)
> We currently only use the cdn for static image assets. I would normally say
> that it probably isn't needed but if you feel strongly that it is, go ahead
> and file a bug and CC me.

Filed bug 1056481.