5 years ago
3 years ago


(Reporter: mathjazz, Unassigned)





5 years ago
We're experimenting with Gaia localization using Pontoon. Pontoon enables us to localize websites (in this case Gaia apps) in-place, by loading them in an iframe and setting contenteditable attributes. You can try it here:

ATM we have Gaia apps deployed as subdomains on Stas's server, e.g.:

Now, we'd like to move Gaia apps to Pontoon server for two reasons:

1. We'd like to use HTTPS to prevent mixed-content blocking hiccups.
2. We'd like to keep all Pontoon-related stuff in one place.

We can set all of this up ourselves, except for one thing. Apps need to be accessible as subdomains of, which is necessary to properly load all app's resources. If possible, we'd like to use the following URL structure:

Could you please set up DNS so these subdomains will work? There will be many of them. Can we use something like wildcart certificate and DNS records to make subdomain maintenance easier?

We will probably need to add more of them in the future, but the current list is already looong:
I've setup a wildcard CNAME * to

For now, for SSL, you'll get security warnings, but it will work.
For SSL support to be clean, you'd need a separate SSL certificate for:


Since wildcard certificates don't axpand past '.'

Alternatively, why not do something like:

Comment 3

5 years ago
The problem is that static files in apps are referenced with absolute pats.

Can we get a separate cert for *
Depends on: 963627
(In reply to Matjaz Horvat [:mathjazz] from comment #3)
> The problem is that static files in apps are referenced with absolute pats.
> Can we get a separate cert for *

Yes, we sure can. I've filed bug 963627

Comment 5

5 years ago
Done. SSL certificate deployed and Load-Balancer updated. All * will be directed at your VM over SSL.

You can take it from there.
Last Resolved: 5 years ago
Resolution: --- → FIXED


5 years ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.