Bug 1334350: Serve new testing subdomains of itisatrap.org out of the same github repo
Status: RESOLVED FIXED
Opened 7 years ago, closed 7 years ago
Categories: Infrastructure & Operations Graveyard :: WebOps: Other, task
Tracking: Not tracked
People: Reporter: bytesized, Assigned: danielh
Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/4142]
Repo: https://github.com/mozilla/itisatrap

The repository is already deployed at itisatrap.org. For flashblock testing, it needs to also be available at these subdomains:
- flashblock.itisatrap.org
- except.flashblock.itistrap.org
- flashallow.itistrap.org
- except.flashallow.itistrap.org
- flashthirdparty.itistrap.org
- except.flashthirdparty.itistrap.org

They should also be TLS-enabled.
Comment 2 • 7 years ago (Reporter)
I would like to change these subdomains:
- flashthirdparty.itistrap.org
- except.flashthirdparty.itistrap.org

to these subdomains:
- flashsubdocument.itisatrap.org
- except.flashsubdocument.itisatrap.org

because there was a request to rename the third party classification away from Third-Party because the implementation does not completely match the definition of Third-Party.
Comment 3 • 7 years ago (Reporter)
Sorry, another request to change URL names. Instead these subdomains:
- flashthirdparty.itistrap.org
- except.flashthirdparty.itistrap.org

should be changed to these subdomains:
- flashsubdoc.itisatrap.org
- except.flashsubdoc.itisatrap.org
Comment 4 • 7 years ago (Assignee)
Hey Kirk,

Thank you for the detailed overview. I'm planning on solving this by adding CNAME records for each of the domains you listed above. They will point to itistrap.org so the appropriate content can be served. Once this is confirmed to work, I'll update our SSL SAN certificate to include these domains as well. This should provide the TLS-enabled access you need.

I started this today by setting up a CNAME record flashblock.itisatrap.org. I'm currently waiting for that change to propagate. If you notice any unexpected behavior (or if you just have questions), let me know.

Thanks for your patience!
Comment 5 • 7 years ago (Assignee)
The following CNAME records were created (each maps to itisatrap.org):
>flashblock.itisatrap.org
>except.flashallow.itisatrap.org
>except.flashblock.itisatrap.org
>flashallow.itisatrap.org
>flashsubdoc.itisatrap.org
>except.flashsubdoc.itisatrap.org
The Apache configuration was updated to include these server aliases as well. I'll be updating the SSL SAN certificate shortly to enable TLS on these subdomains.
Comment 6 • 7 years ago (Assignee)
The Apache configuration was reverted. I'll re-implement it once I understand the issue that resulted in bug 1342538.
Comment 7 • 7 years ago (Assignee)
The Apache configuration has been updated in production and it works now. Here's a quick summary of what was performed:
- New traffic rule was implemented to add appropriate headers to validate whether or not connection was HTTPS
- This allowed me to consolidate the existing Apache configuration into a single VirtualHost configuration
- The subdomains above, including www.itisatrap.org and itisatrap.org are captured and the production site is returned
- If the connection is over HTTP, it will be automatically upgraded to HTTPS

The last task is to update the SAN certificate to include these subdomains. I'll update this bug once that's complete. If you notice any unexpected behavior, please let me know.
Comment 8 • 7 years ago (Assignee)
SSL SAN cert updated to include these subdomains!

Kirk,
Can you do me a favor and look over the recent changes? I'd like to make sure everything is working as expected for you. Here are the new subdomains:
- flashblock.itisatrap.org
- except.flashallow.itisatrap.org
- except.flashblock.itisatrap.org
- flashallow.itisatrap.org
- flashsubdoc.itisatrap.org
- except.flashsubdoc.itisatrap.org

If you access any of these over HTTP, it'll automatically reconnect over HTTPS.
Flags: needinfo?(ksteuber)
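Added example, not part of the bug or of Mozilla's tooling: a coverage check for the SAN update described in comments 4 to 8, going slightly beyond the thread by applying the standard rule that a `*` in a certificate name matches exactly one left-most label. The hostnames are those listed in comment 8; both SAN lists are constructed samples, not the contents of the real certificate.

```python
# Hostnames the site must answer for (apex and www from comment 7, the rest from comment 8).
SERVED = [
    "itisatrap.org", "www.itisatrap.org",
    "flashblock.itisatrap.org", "except.flashallow.itisatrap.org",
    "except.flashblock.itisatrap.org", "flashallow.itisatrap.org",
    "flashsubdoc.itisatrap.org", "except.flashsubdoc.itisatrap.org",
]

# Constructed SAN lists (assumptions for illustration only).
WILDCARD_SAN = ["itisatrap.org", "*.itisatrap.org"]
EXPLICIT_SAN = list(SERVED)

def san_covers(san_entries, hostname):
    """True if hostname matches one dNSName entry.

    A leading '*' stands for exactly one label, so it never matches the
    apex or a name that is two labels below the wildcard's parent.
    """
    host = hostname.lower().rstrip(".").split(".")
    for entry in san_entries:
        pattern = entry.lower().rstrip(".").split(".")
        if len(pattern) != len(host):
            continue
        if pattern == host or (pattern[0] == "*" and pattern[1:] == host[1:]):
            return True
    return False

def uncovered(san_entries, hostnames):
    """Hostnames that would fail certificate name validation."""
    return [h for h in hostnames if not san_covers(san_entries, h)]

if __name__ == "__main__":
    print("wildcard-only cert misses:", uncovered(WILDCARD_SAN, SERVED))
    print("explicit SAN list misses: ", uncovered(EXPLICIT_SAN, SERVED))
```

The `except.*` names sit two labels below the apex, so a single wildcard entry would leave them failing validation while the other subdomains pass.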
Comment 9 • 7 years ago (Reporter)
Thank you! It looks like the domains are being served as expected, but a header is being sent with my pages that breaks functionality:

X-Frame-Options: DENY

My test page [1] expects to be able to load those domains in iframes, but is being prevented from doing so by this header. Can you fix this easily, or should I file a separate bug addressing this?

[1] https://itisatrap.org/firefox/flashblock.html
Flags: needinfo?(ksteuber) → needinfo?(dhartnell)
Comment 10 • 7 years ago (Assignee)
Hey Kirk,

I'll go ahead and remove this header for the time being. I'm going to create a related bug asking that we investigate the configuration in more detail and look for a way to address this in the future. I'll have an update for you once that's complete.
Flags: needinfo?(dhartnell) → needinfo?(ksteuber)
Comment 11 • 7 years ago (Assignee)
Kirk, The XFO header has been removed for you.
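Added example, not part of the bug: a check of whether a response's framing headers let the test page from comment 9 embed one of the new subdomains, evaluating `X-Frame-Options` and the CSP `frame-ancestors` directive (which takes precedence when both are sent). It models a single parent frame and only a subset of source expressions; the header sets passed in are constructed samples.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Constructed sample: the test page from comment 9 framing one of the new subdomains.
PARENT = "https://itisatrap.org/firefox/flashblock.html"
FRAMED = "https://flashblock.itisatrap.org/"

def origin(url):
    """Reduce a URL to its (scheme, host, port) origin tuple."""
    u = urlsplit(url)
    return (u.scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(u.scheme))

def source_allows(source, parent, framed):
    """Match one frame-ancestors source expression against the parent origin."""
    if source == "*":
        return True
    if source == "'self'":
        return parent == framed
    if "://" not in source:
        # Simplification: a scheme-less host source takes the framed page's scheme.
        source = framed[0] + "://" + source
    scheme, host, port = origin(source)
    if host.startswith("*."):
        host_ok = parent[1].endswith(host[1:])  # subdomains only, not the apex
    else:
        host_ok = parent[1] == host
    return scheme == parent[0] and host_ok and port == parent[2]

def may_frame(headers, parent_url=PARENT, framed_url=FRAMED):
    """Return (allowed, deciding_rule) for parent_url embedding framed_url."""
    h = {k.lower(): v for k, v in headers.items()}
    parent, framed = origin(parent_url), origin(framed_url)
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            # frame-ancestors takes precedence over X-Frame-Options.
            allowed = any(source_allows(s, parent, framed) for s in parts[1:])
            return allowed, "frame-ancestors"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False, "X-Frame-Options: DENY"
    if xfo == "SAMEORIGIN":
        return parent == framed, "X-Frame-Options: SAMEORIGIN"
    return True, "no framing restriction"

if __name__ == "__main__":
    for hdrs in ({"X-Frame-Options": "DENY"}, {"X-Frame-Options": "SAMEORIGIN"},
                 {"Content-Security-Policy": "frame-ancestors https://itisatrap.org"}):
        print(hdrs, "->", may_frame(hdrs))
```

`SAMEORIGIN` blocks this embed just as `DENY` does, because the test page and the subdomain are different origins; a `frame-ancestors https://itisatrap.org` policy admits that one parent and still refuses any other.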
Updated • 7 years ago (Assignee)
Flags: needinfo?(ksteuber)
Comment 12 • 7 years ago (Assignee)
I had a chance to speak with Kirk regarding this and we agreed to close this bug. Looks like it's all working well now!
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Updated • 5 years ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard