We're experimenting with Gaia localization using Pontoon. Pontoon enables us to localize websites (in this case Gaia apps) in-place, by loading them in an iframe and setting contenteditable attributes. You can try it here: https://pontoon.mozillalabs.com/en-US/locale/de/project/testpilot/ ATM we have Gaia apps deployed as subdomains on Stas's server, e.g.: http://browser.gaia.informationisart.com Now, we'd like to move Gaia apps to Pontoon server for two reasons: 1. We'd like to use HTTPS to prevent mixed-content blocking hiccups. 2. We'd like to keep all Pontoon-related stuff in one place. We can set all of this up ourselves, except for one thing. Apps need to be accessible as subdomains of pontoon.mozillalabs.com, which is necessary to properly load all app's resources. If possible, we'd like to use the following URL structure: https://browser.gaia.pontoon.mozillalabs.com/ https://calendar.gaia.pontoon.mozillalabs.com/ https://email.gaia.pontoon.mozillalabs.com/ ... Could you please set up DNS so these subdomains will work? There will be many of them. Can we use something like wildcart certificate and DNS records to make subdomain maintenance easier? We will probably need to add more of them in the future, but the current list is already looong: https://etherpad.mozilla.org/AQYkXmdQ5Y
I've setup a wildcard CNAME *.pontoon.mozillalabs.com to pontoon.mozillalabs.com. For now, for SSL, you'll get security warnings, but it will work.
For SSL support to be clean, you'd need a separate SSL certificate for: *.gaia.pontoon.mozillalabs.com Since wildcard certificates don't axpand past '.' Alternatively, why not do something like: https://gaia.pontoon.mozillalabs.com/APP/...
The problem is that static files in apps are referenced with absolute pats. Can we get a separate cert for *.gaia.pontoon.mozillalabs.com?
(In reply to Matjaz Horvat [:mathjazz] from comment #3) > The problem is that static files in apps are referenced with absolute pats. > > Can we get a separate cert for *.gaia.pontoon.mozillalabs.com? Yes, we sure can. I've filed bug 963627
Done. SSL certificate deployed and Load-Balancer updated. All *.gaia.pontoon.mozillalabs.com will be directed at your VM over SSL. You can take it from there.