Closed
Bug 1398162
Opened 7 years ago
Closed 6 years ago
Move bugzilla.org domain to point to Github Pages version of site
Categories
(Bugzilla :: bugzilla.org, enhancement)
Tracking
()
RESOLVED
FIXED
People
(Reporter: gerv, Assigned: justdave)
References
Details
The code behind http://www.bugzilla.org/ uses Template Toolkit, which means that we have to host it ourselves. The build system for including the docs in the website also requires various older Perls and so on which has proved historically troublesome. We've been meaning to move to something newer for a while, and Wordpress was mooted, but in recent Bugzilla meetings we proposed moving to Github Pages and Jekyll. I've now done that conversion, and the results can be seen here: https://bugzilla.github.io/ (Source: https://github.com/bugzilla/bugzilla.github.io/) After a bit of testing, we need to switch over to using this as the master copy. This bug tracks that work. If we didn't need HTTPS support, we could simply use Github Pages' built-in support for CNAME: https://help.github.com/articles/using-a-custom-domain-with-github-pages/ However, that doesn't support SSL, which we need for bugzilla.org. Fortunately, Cloudflare can be used to front the site to provide SSL: https://blog.cloudflare.com/secure-and-fast-github-pages-with-cloudflare/ https://hackernoon.com/set-up-ssl-on-github-pages-with-custom-domains-for-free-a576bdf51bc But that means letting Cloudflare run our DNS, which may have other ramifications because we have other servers as well. Gerv
Reporter | ||
Comment 1•7 years ago
|
||
justdave: can you comment on how difficult or easy it would be to switch our DNS to Cloudflare so we can use this solution? Gerv
Flags: needinfo?(justdave)
Assignee | ||
Comment 2•7 years ago
|
||
DNS can be delegated on a hostname by hostname basis. The parent zone just needs an NS record for the hostname in question which points at cloudflare's servers. This would easily be doable.
Flags: needinfo?(justdave)
Reporter | ||
Comment 3•7 years ago
|
||
justdave: is that true even if we want https://bugzilla.org/ to work? Gerv
Flags: needinfo?(justdave)
Assignee | ||
Comment 4•7 years ago
|
||
No. However, https://bugzilla.org redirects to https://www.bugzilla.org, and we could certainly leave bugzilla.org where it is with the redirect intact, and just give cloudflare www.bugzilla.org.
Flags: needinfo?(justdave)
Reporter | ||
Comment 5•7 years ago
|
||
If I'm right, doesn't that mean we'd need to keep maintaining a webserver and our own certificate, just to do the simple thing of serving a single redirect :-( That seems sad. Is there a way we can get cloudflare to do the DNS for the entire domain, and so avoid this? Or does that cause other problems? Gerv
Assignee | ||
Comment 6•7 years ago
|
||
The redirect is on Mozilla's webserver and not ours, and they've never given any kind of indication that they want to stop hosting that, so that should be fine to leave there.
Reporter | ||
Comment 7•7 years ago
|
||
OK, great! That's good news. I've added a CNAME file to the bugzilla.github.io repo, set up a Cloudflare account (username: gerv-cloudflare@gerv.net) and added bugzilla.org. (It didn't seem possible in their interface to only add www.bugzilla.org so I added the whole domain, and it copied all the other DNS records). I only turned Cloudflare on for www.bugzilla.org. The nameservers Cloudflare want us to use are: ivy.ns.cloudflare.com jay.ns.cloudflare.com So if we switch to using those, that should do the switchover! The instructions say: "It may take up to 24 hours after successfully changing name servers for a new SSL certificate pack to be issued for your site. If you need valid SSL certificates in place before sending traffic through Cloudflare, pause Cloudflare for your site by clicking on Advanced to the right and resume when your certificate pack has been issued." So we need to switch the nameservers, but then pause Cloudflare. So that involves a coordination between me and the person switching. Unless we are happy with a little bit of SSL downtime (they say 24 hours, but I bet they are a lot faster than that normally). Gerv
Assignee | ||
Comment 8•7 years ago
|
||
OK, I've got access to make that change on our end, find me on IRC or Slack when you're ready to do it.
Assignee | ||
Comment 9•7 years ago
|
||
I'm assuming there's going to be a confirmation to hostmaster sent to confirm creation of the SSL certificate. I also still get that email address, so we're set on that end, too.
Reporter | ||
Comment 10•7 years ago
|
||
Probably they'll use DNS-based validation for the SSL cert, so there won't be an email to hostmaster@. Gerv
Assignee | ||
Comment 11•7 years ago
|
||
DNS has been updated to point www.bugzilla.org at cloudflare's nameservers. bugzilla.org continues to point at Mozilla (which will do a redirect).
Comment 12•7 years ago
|
||
FYI I get a "Secure Connection Failed" error in Firefox trying to load www.bugzilla.org: An error occurred during a connection to www.bugzilla.org. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Assignee | ||
Comment 13•7 years ago
|
||
I've backed out the DNS change until Gerv is ready to try the rescan again in Cloudflare.
Reporter | ||
Comment 14•7 years ago
|
||
mcote: yeah, I got something like that when setting Cloudflare's nameservers directly as my nameserver on my machine. Not sure why that is, and Firefox is a little unhelpful in saying what cyphers were offered. I'll try and coordinate with Dave again. Gerv
Reporter | ||
Comment 15•7 years ago
|
||
I've emailed justdave all he needs to make this change solo. Gerv
Assignee | ||
Comment 16•6 years ago
|
||
This is now live!!! Woot!
Assignee: website → justdave
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•