Our two running sites for elmo are: https://l10n-stage-sj.mozilla.org/ and https://l10n-dev-sj.mozilla.org/ That's great but if someone types in the domain in the address bar without the http* part they'll get a broken site. All http:// traffic should redirect to the / location of the https:// version.
This is a Zeus setting by the way. Hopefully we won't have to pipe any HTTP traffic down to our Apache. Made it depend on https://bugzilla.mozilla.org/show_bug.cgi?id=652792 as an indication that this bug can wait till we have the new server set up. Most people have it bookmarked on the https url.
I think we don't want https traffic to our apache, but just http. http requests on the public urls should, if possible, redirect to their https equivalents on the zeus side, and then the https requests would continue to do what they're doing now. That we can't break http vs https on bm-l10n-dashboard01 (l10n-dashboard01.dmz.sjc1) is a good feature to keep, IMHO.
Correct. Sorry for not making this clear. Yes, behind zeus it's all HTTP. However, Zeus should accept both HTTPS (proxys as HTTP to our apache) and HTTP (redirects to https://<domain>/)
Assignee: nobody → server-ops
Component: Elmo → Server Operations
Product: Webtools → mozilla.org
QA Contact: elmo → mrz
Summary: http access should redirect to https → http://l10n-dev-sj.mozilla.org/ access should redirect to https://l10n-dev-sj.mozilla.org/
Version: 1.0 → other
(In reply to comment #1) > This is a Zeus setting by the way. Hopefully we won't have to pipe any HTTP > traffic down to our Apache. That's not quite how we will do it.. We do a redirect within apache to the https side and then, as you later pointed out, zeus decrypts that https side. We don't do rewrites/redirects for http->https from within zeus itself. (technically it is possible, just not the way we do it elsewhere). I'll get this assigned.
Assignee: server-ops → shyam
Too many things flying around that I don't know anything about, so I'll try to reword it without assumptions on stuff I don't know anything about: This is gonna happen somewhere on the line between the world and l10n-dashboard01.dmz.sjc1, and the config/setup on l10n-dashboard01.dmz.sjc1 won't need to be changed?
@Corey, I believe Zeus translates :443 traffic into us on :80 which is fine. Then what about :80 traffic into us? Does it go to :81 or something? If that's the case, we can take care of the apache redirects.
(In reply to comment #6) > @Corey, I believe Zeus translates :443 traffic into us on :80 which is fine. > Then what about :80 traffic into us? Does it go to :81 or something? If > that's the case, we can take care of the apache redirects. Elsewhere, we run http on :80 and :81. If http is not desired, :80 has a redirect to https://website.. zeus accepts that on :443 and decripts to :81. hope that makes sense. However, turns out this is not setup through zeus right now. That will be a bigger task that Shyam is going to work on.
(In reply to comment #7) > However, turns out this is not setup through zeus right now. That will be a > bigger task that Shyam is going to work on. It is on the Zeus, but setup via the Cisco ACE, which we avoid using right now. I've already got the setup moved to a Zeus cluster that's not behind the ACE. It will need some downtime because of apache + DNS changes, so Pike said tomm would be best. Will close this out when that's done.
DNS changes made, working on Apache configs.
And this is done. fox2mike@woodpecker ~ $ curl -I -L http://l10n-stage-sj.mozilla.org/ HTTP/1.1 302 Found Server: Apache/2.2.14 (Ubuntu) Vary: Accept-Encoding Content-Type: text/html; charset=iso-8859-1 Date: Wed, 01 Jun 2011 15:29:51 GMT Location: https://l10n-stage-sj.mozilla.org/ Transfer-Encoding: chunked Connection: Keep-Alive fox2mike@woodpecker ~ $ curl -I -L http://l10n-dev-sj.mozilla.org/ HTTP/1.1 302 Found Server: Apache/2.2.14 (Ubuntu) Vary: Accept-Encoding Content-Type: text/html; charset=iso-8859-1 Date: Wed, 01 Jun 2011 15:31:04 GMT Location: https://l10n-dev-sj.mozilla.org/ Transfer-Encoding: chunked Connection: Keep-Alive Working on 661240 now.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.