Closed Bug 272434 Opened 20 years ago Closed 20 years ago

Update Beta site does not work under https

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Platform:
x86
Windows XP
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: Bugzilla-alanjstrBugs, Assigned: myk)

References

(
URL
)

Details

If I go to https://update-beta.mozilla.org, I see the current update site, not
the beta.  Going to http://update-beta.mozilla.org shows the new site.  This
means that communications to the site, including the webservice and login are
not secured.
Considering it's developmental only, that's mostly intentional. I only
configured update-beta/update to be vhosted on 80 originally, as to not disturb
443, which is now behind squid. (80 isn't) (As there's also not a cert for
update-beta, which doesn't seem like something that's required.)

No clients that aren't aware of the dev nature of update-beta should be talking
to its webservice.
The cert says that there are multiple names on it, update.mozilla.org and
iguana.mozilla.org, the latter redirecting to UMO.  

Just because it is a development server, if you intend to have any sort of
public beta, I think it should be secure.  But hey, since I have an admin
account, if I get compromised it won't matter, right?
I should add, that there's no reason why u-b shouldn't be configured for both,
but it wouldn't be a priority. I didn't originally as I didnt want to risk
breaking the apache config for 443, where most of the Firefox users would hit. :-)
Could we do https://update-beta.mozilla.org:8443 instead?
Somebody could. not me. :-) and that's an ugly port #..

I'm leaving this up to server ops to do whatever they feel is best.
This is done.  I ran accross it the other day and fixed it because I noticed. :)

Because a lot of the recent problems with update (changing back to windows when
going to the next page with another OS selected?) are likely cache related,
having it behind squid for testing will probably be useful anyway.

https://update-beta.mozilla.org/
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Thanks Justdave. :-)
Status: RESOLVED → VERIFIED
Ok, but it doesn't automatically redirect you to https.
https://update.mozilla.org/admin/ is still protected by http-auth, which means
you have to pass through that before getting redirected.  Can the http-auth be
turned off for those who have old bookmarks (all three of us)
The redirection isn't part of the server config. but a script-side hack,
therefore the http auth provides extra protection for the scripts, just as it
always has. I don't want the auth disabled for /admin/ until migration is complete.
port 80 now globally redirects to port 443.
OK, thanks. :-)
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.