Closed Bug 1205757 Opened 9 years ago Closed 9 years ago

Create TLS cert and CNAME entry for tiles-cloudfront.cdn.mozilla.net

Categories

(Content Services Graveyard :: Tiles: Ops, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: mostlygeek, Assigned: mostlygeek)

Details

Download of Tiles assets is limited to the mozilla.net domain name. To fix this:

- request a new TLS cert (does not have to be EV) for tiles-cloudfront.cdn.mozilla.net and install in AWS for cloudfront
- CNAME tiles-cloudfront.cdn.mozilla.net => d1zcd8sq4oecon.cloudfront.net

Assignee: nobody → jthomas

Note: after the switch over yesterday this seems to be affecting: Nightly, Aurora and Beta users. Release users do not have the new code yet:

blame line: 

fb98b283 browser/modules/DirectoryLinksProvider.jsm (Ed Lee 2015-05-14 16:46:39 -0700 74) const ALLOWED_URL_BASE = new Set(["mozilla.net", ""]);

Added tiles-cloudfront.cdn.mozilla.net to inventory. It will take a few minutes to be live.

There is a wildcard.cdn.mozilla.net that already exists in cloudformation. We'll be reusing that one.

Assignee: jthomas → bwong

For migration it actually makes more sense to create a new distribution, as changing the TLS settings on the current distribution will cause laggard clients' requests to break.

:json could you update the name so: 

- CNAME tiles-cloudfront.cdn.mozilla.net => dcky6u1m8u6el.cloudfront.net

Done.

Confirmed that new CDN is in place:

$ curl -s https://tiles-cloudfront.cdn.mozilla.net/desktop-prerelease_tile_index_v3.json | shasum
a32f8ad481f0986f3d265a1ce71c6b4c7c59de4f  -

$ curl -s https://s3-us-west-2.amazonaws.com/tiles-resources-prod-tiless3-qbv71djahz3b/desktop-prerelease_tile_index_v3.json | shasum
a32f8ad481f0986f3d265a1ce71c6b4c7c59de4f  -

Making splice changes to deploy new distribution.

New splice tiles deployed and now being served from the new CDN:

$ curl -vL https://tiles.services.mozilla.com/v2/links/fetch/en-US
* Adding handle: conn: 0x7fa1f1004000
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7fa1f1004000) send_pipe: 1, recv_pipe: 0
* About to connect() to tiles.services.mozilla.com port 443 (#0)
*   Trying 52.25.98.110...
* Connected to tiles.services.mozilla.com (52.25.98.110) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: *.services.mozilla.com
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> GET /v2/links/fetch/en-US HTTP/1.1
> User-Agent: curl/7.30.0
> Host: tiles.services.mozilla.com
> Accept: */*
>
< HTTP/1.1 303 SEE OTHER
< Content-Type: text/html; charset=utf-8
< Date: Thu, 17 Sep 2015 19:10:15 GMT
< Location: https://tiles-cloudfront.cdn.mozilla.net/desktop/CA/en-US.7731e06be249b34597bcd0f9a152fdfda5a3b7a5.json
< Content-Length: 0
< Connection: keep-alive
<
* Connection #0 to host tiles.services.mozilla.com left intact
* Issue another request to this URL: 'https://tiles-cloudfront.cdn.mozilla.net/desktop/CA/en-US.7731e06be249b34597bcd0f9a152fdfda5a3b7a5.json'
* Adding handle: conn: 0x7fa1f1804400
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 1 (0x7fa1f1804400) send_pipe: 1, recv_pipe: 0
* About to connect() to tiles-cloudfront.cdn.mozilla.net port 443 (#1)
*   Trying 54.192.70.246...
* Connected to tiles-cloudfront.cdn.mozilla.net (54.192.70.246) port 443 (#1)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* Server certificate: *.cdn.mozilla.net
* Server certificate: DigiCert SHA2 Secure Server CA
* Server certificate: DigiCert Global Root CA
> GET /desktop/CA/en-US.7731e06be249b34597bcd0f9a152fdfda5a3b7a5.json HTTP/1.1
> User-Agent: curl/7.30.0
> Host: tiles-cloudfront.cdn.mozilla.net
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json
< Content-Length: 4610
< Connection: keep-alive
< Date: Thu, 17 Sep 2015 19:09:38 GMT
< Content-Disposition: inline
< Cache-Control: public, max-age=31536000
< Last-Modified: Thu, 17 Sep 2015 19:07:25 GMT
< ETag: "c64dde7b38ebcf3dc1f24ab5e301b003"
< Accept-Ranges: bytes
* Server AmazonS3 is not blacklisted
< Server: AmazonS3
< Age: 38
< X-Cache: Hit from cloudfront
< Via: 1.1 f676e086f6450666463e6ae1e902b82c.cloudfront.net (CloudFront)
< X-Amz-Cf-Id: xfi8xcBCltImU6n_cdNk4aWoNLVM-T0ThGBh7aA_uo8_GQ1ccYy_-A==

(snip snip)
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
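
The allowlist in the blame line above is why the bare cloudfront.net distribution name could not be used and a CNAME under mozilla.net was needed. The sketch below is an added example, not code from DirectoryLinksProvider.jsm; the helper names, the accepted schemes, the two-label base-domain approximation and the meaning given to the empty entry are assumptions.

```javascript
"use strict";

// Same entries as the blame line quoted in this bug.
const ALLOWED_URL_BASE = new Set(["mozilla.net", ""]);
// ASSUMPTION: schemes accepted for assets; not stated on this page.
const ALLOWED_SCHEMES = new Set(["https:", "data:"]);

// ASSUMPTION: base domain approximated as the last two DNS labels, which is
// only right under single-label suffixes (.net, .com). Production code should
// consult the Public Suffix List instead.
function baseDomain(hostname) {
  const labels = hostname.toLowerCase().split(".").filter(Boolean);
  return labels.slice(-2).join(".");
}

// Hypothetical helper: exact match on the base domain, never a substring or
// suffix test, so look-alike hosts do not pass.
function isAllowedAssetUrl(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (err) {
    return false; // unparseable input fails closed
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return false;
  // ASSUMPTION: the empty entry covers host-less URLs such as data: URIs.
  return ALLOWED_URL_BASE.has(baseDomain(parsed.hostname));
}

// Return the URLs from a tile index that a client with this check would drop.
function rejectedUrls(urls) {
  return urls.filter((u) => !isAllowedAssetUrl(u));
}

// Hostnames are the ones named in this bug; paths are constructed.
const SAMPLE = [
  "https://tiles-cloudfront.cdn.mozilla.net/images/a.png",
  "https://d1zcd8sq4oecon.cloudfront.net/images/a.png",
  "https://dcky6u1m8u6el.cloudfront.net/images/a.png",
  "https://s3-us-west-2.amazonaws.com/bucket/a.png",
  "https://mozilla.net.example.com/a.png", // constructed look-alike host
  "http://tiles-cloudfront.cdn.mozilla.net/images/a.png", // plain http
];

console.log(rejectedUrls(SAMPLE));
```

Only the first sample URL passes; the CloudFront and S3 hostnames fail because their base domains are cloudfront.net and amazonaws.com.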