1036130 - Provide secure Bugzfeed endpoint

Status: RESOLVED FIXED

(bugzilla.mozilla.org :: Infrastructure, defect)

Description

[Kohei Yoshino [:kohei]]

I have added a Bugzfeed support to my BzDeck app but noticed that it didn't work on production. It's due to a SecurityError "The operation is insecure" because https://www.bzdeck.com/ is secure but ws://bugzfeed.mozilla.org/ is not. Looks like it's a common WebSocket issue. Could you provide a secure endpoint? Thanks!

Comment 1

[Mark Côté [:mcote]]

Yes, good point, there should be a secure endpoint.  We'll have to get a cert for it, so it'll take a couple days.

Comment 2

[:glob ✱]

the version of haproxy installed/available doesn't support ssl (1.4).
we require version 1.5 of haproxy, but that was only released a month ago.

as i'd prefer not to build from source, a lightweight workaround is to use stunnel to terminate ssl connections and tunnel them to the bugzfeed server.  i've tested this with a self-signed certificate and it works.

i've filed bug 1038581 to get a real certificate issued.

Comment 3

[Kohei Yoshino [:kohei]]

Any updates? This is blocking our Alpha 10 release.
https://github.com/kyoshino/bzdeck/issues?milestone=15

Comment 4

[Kohei Yoshino [:kohei]]

Friendly ping

Comment 5

[:glob ✱]

not forgotten :) i'm waiting on an updated certificate from gozer.

Comment 6

[Kohei Yoshino [:kohei]]

Bug 1038581 says the cert has already been sent...?

Comment 7

[:glob ✱]

(In reply to Kohei Yoshino [:kohei] from comment #6)
> Bug 1038581 says the cert has already been sent...?

unfortunately i wasn't able to decrypt it, totally due to my own fault (bad pgp key).
i immediately provided gozer with an alternative key, and i've just pinged him a reminder.

Comment 8

[:glob ✱]

deployed!

Comment 9

[Kohei Yoshino [:kohei]]

Awesome!

Comment 10

[Kohei Yoshino [:kohei]]

Deployed our BzDeck update. Thanks so much! https://www.facebook.com/BzDeck/posts/555860127873034