Closed
Bug 656600
Opened 14 years ago
Closed 14 years ago
http://l10n-dev-sj.mozilla.org/ access should redirect to https://l10n-dev-sj.mozilla.org/
Categories
(mozilla.org Graveyard :: Server Operations, task)
mozilla.org Graveyard
Server Operations
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: peterbe, Assigned: fox2mike)
Details
Our two running sites for elmo are:
https://l10n-stage-sj.mozilla.org/
and
https://l10n-dev-sj.mozilla.org/
That's great but if someone types in the domain in the address bar without the http* part they'll get a broken site. All http:// traffic should redirect to the / location of the https:// version.
Reporter | ||
Comment 1•14 years ago
|
||
This is a Zeus setting by the way. Hopefully we won't have to pipe any HTTP traffic down to our Apache.
Made it depend on https://bugzilla.mozilla.org/show_bug.cgi?id=652792 as an indication that this bug can wait till we have the new server set up. Most people have it bookmarked on the https url.
Comment 2•14 years ago
|
||
I think we don't want https traffic to our apache, but just http.
http requests on the public urls should, if possible, redirect to their https equivalents on the zeus side, and then the https requests would continue to do what they're doing now.
That we can't break http vs https on bm-l10n-dashboard01 (l10n-dashboard01.dmz.sjc1) is a good feature to keep, IMHO.
Reporter | ||
Comment 3•14 years ago
|
||
Correct. Sorry for not making this clear.
Yes, behind zeus it's all HTTP. However, Zeus should accept both HTTPS (proxys as HTTP to our apache) and HTTP (redirects to https://<domain>/)
Updated•14 years ago
|
Assignee: nobody → server-ops
Component: Elmo → Server Operations
Product: Webtools → mozilla.org
QA Contact: elmo → mrz
Summary: http access should redirect to https → http://l10n-dev-sj.mozilla.org/ access should redirect to https://l10n-dev-sj.mozilla.org/
Version: 1.0 → other
Comment 4•14 years ago
|
||
(In reply to comment #1)
> This is a Zeus setting by the way. Hopefully we won't have to pipe any HTTP
> traffic down to our Apache.
That's not quite how we will do it.. We do a redirect within apache to the https side and then, as you later pointed out, zeus decrypts that https side. We don't do rewrites/redirects for http->https from within zeus itself. (technically it is possible, just not the way we do it elsewhere).
I'll get this assigned.
Assignee: server-ops → shyam
Comment 5•14 years ago
|
||
Too many things flying around that I don't know anything about, so I'll try to reword it without assumptions on stuff I don't know anything about:
This is gonna happen somewhere on the line between the world and l10n-dashboard01.dmz.sjc1, and the config/setup on l10n-dashboard01.dmz.sjc1 won't need to be changed?
Reporter | ||
Comment 6•14 years ago
|
||
@Corey, I believe Zeus translates :443 traffic into us on :80 which is fine.
Then what about :80 traffic into us? Does it go to :81 or something? If that's the case, we can take care of the apache redirects.
Comment 7•14 years ago
|
||
(In reply to comment #6)
> @Corey, I believe Zeus translates :443 traffic into us on :80 which is fine.
> Then what about :80 traffic into us? Does it go to :81 or something? If
> that's the case, we can take care of the apache redirects.
Elsewhere, we run http on :80 and :81. If http is not desired, :80 has a redirect to https://website.. zeus accepts that on :443 and decripts to :81.
hope that makes sense.
However, turns out this is not setup through zeus right now. That will be a bigger task that Shyam is going to work on.
Assignee | ||
Comment 8•14 years ago
|
||
(In reply to comment #7)
> However, turns out this is not setup through zeus right now. That will be a
> bigger task that Shyam is going to work on.
It is on the Zeus, but setup via the Cisco ACE, which we avoid using right now.
I've already got the setup moved to a Zeus cluster that's not behind the ACE. It will need some downtime because of apache + DNS changes, so Pike said tomm would be best.
Will close this out when that's done.
Assignee | ||
Comment 9•14 years ago
|
||
DNS changes made, working on Apache configs.
Assignee | ||
Comment 10•14 years ago
|
||
And this is done.
fox2mike@woodpecker ~ $ curl -I -L http://l10n-stage-sj.mozilla.org/
HTTP/1.1 302 Found
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 01 Jun 2011 15:29:51 GMT
Location: https://l10n-stage-sj.mozilla.org/
Transfer-Encoding: chunked
Connection: Keep-Alive
fox2mike@woodpecker ~ $ curl -I -L http://l10n-dev-sj.mozilla.org/
HTTP/1.1 302 Found
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 01 Jun 2011 15:31:04 GMT
Location: https://l10n-dev-sj.mozilla.org/
Transfer-Encoding: chunked
Connection: Keep-Alive
Working on 661240 now.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•