Status

Infrastructure & Operations Graveyard
WebOps: Labs
VERIFIED FIXED
4 years ago
a year ago

People

(Reporter: mathjazz, Unassigned)

Tracking

Details

(Reporter)

Description

4 years ago
We're experimenting with Gaia localization using Pontoon. Pontoon enables us to localize websites (in this case Gaia apps) in-place, by loading them in an iframe and setting contenteditable attributes. You can try it here:

https://pontoon.mozillalabs.com/en-US/locale/de/project/testpilot/

ATM we have Gaia apps deployed as subdomains on Stas's server, e.g.:

http://browser.gaia.informationisart.com

Now, we'd like to move Gaia apps to Pontoon server for two reasons:

1. We'd like to use HTTPS to prevent mixed-content blocking hiccups.
2. We'd like to keep all Pontoon-related stuff in one place.

We can set all of this up ourselves, except for one thing. Apps need to be accessible as subdomains of pontoon.mozillalabs.com, which is necessary to properly load all app's resources. If possible, we'd like to use the following URL structure:

https://browser.gaia.pontoon.mozillalabs.com/
https://calendar.gaia.pontoon.mozillalabs.com/
https://email.gaia.pontoon.mozillalabs.com/
...

Could you please set up DNS so these subdomains will work? There will be many of them. Can we use something like wildcart certificate and DNS records to make subdomain maintenance easier?

We will probably need to add more of them in the future, but the current list is already looong:

https://etherpad.mozilla.org/AQYkXmdQ5Y
I've setup a wildcard CNAME *.pontoon.mozillalabs.com to pontoon.mozillalabs.com.

For now, for SSL, you'll get security warnings, but it will work.
For SSL support to be clean, you'd need a separate SSL certificate for:

*.gaia.pontoon.mozillalabs.com

Since wildcard certificates don't axpand past '.'

Alternatively, why not do something like:

https://gaia.pontoon.mozillalabs.com/APP/...
(Reporter)

Comment 3

4 years ago
The problem is that static files in apps are referenced with absolute pats.

Can we get a separate cert for *.gaia.pontoon.mozillalabs.com?
Depends on: 963627
(In reply to Matjaz Horvat [:mathjazz] from comment #3)
> The problem is that static files in apps are referenced with absolute pats.
> 
> Can we get a separate cert for *.gaia.pontoon.mozillalabs.com?

Yes, we sure can. I've filed bug 963627
(Reporter)

Comment 5

4 years ago
Thanks!
Done. SSL certificate deployed and Load-Balancer updated. All *.gaia.pontoon.mozillalabs.com will be directed at your VM over SSL.

You can take it from there.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
(Reporter)

Updated

4 years ago
Status: RESOLVED → VERIFIED
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard
You need to log in before you can comment on or make changes to this bug.