Closed Bug 1297318 Opened 9 years ago Closed 9 years ago

SSL termination for services outside PaaS

Categories

(Participation Infrastructure :: Community Ops, task)

Product:
Participation Infrastructure
Component:
Community Ops
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nemo-yiannis, Unassigned)

References

Details

Currently in order to do SSL termination for our services we use AWS ELB /w AWS ACM to issue certs. This works fine for services in our PaaS using either mozilla.community or mozilla-community-sites SAN cert. We need to find a way to tackle cases like * App running in our PaaS but it's not using mozilla.community or mozilla-community-sites SAN (eg. toolkit.mozilla.org) * App running in our infra (eg. community analytics) but not running in PaaS.
See Also: → 1297145
I think this is what we agreed on: > App running in our PaaS but it's not using mozilla.community or mozilla-community-sites SAN If we control the domain, we add the site to our mozilla-community-sites SAN, otherwise we spin up a new ELB. > App running in our infra (eg. community analytics) but not running in PaaS. Use our terraform module (https://github.com/mozilla/partinfra-terraform-cloudfrontssl) to deploy CloudFront with SSL in front of the app.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.