Closed Bug 986712 Opened 10 years ago Closed 10 years ago

public-facing test server for working on mozilla::pkix

Categories

(Infrastructure & Operations :: IT-Managed Tools, task)

Product:
Infrastructure & Operations
Component:
IT-Managed Tools
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: keeler, Unassigned)

References

Details

(Whiteboard: [kanban:https://kanbanize.com/ctrl_board/4/191] [business - new app]) 

We're working on a new certificate verification library (mozilla::pkix - see bug 915930, etc.) and it would be really useful to have a public-facing test server where we could try out various ssl certificates. A small VM with nginx, openssl, and maybe node would be about what we need, I imagine.
Assignee: server-ops → server-ops-webops
Component: Server Operations → WebOps: IT-Managed Tools
Product: mozilla.org → Infrastructure & Operations
QA Contact: shyam → nmaul
We discussed this yesterday and we can use Apache if that is quicker to deploy. There is no app / site requirement (hello world is sufficient). Devs require either root access or a method of updating the certs. Due to this requirement we cannot offload SSL to Zeus, we can either do a ZLB pass through of 443 or open a netflow to allow external connections to this VM over port 443. I will needinfo :ulfr for an opinion on this.

Requirements will be one tiny VM with some sort of SSL serving capability and dev access to swap out certs. Should be quick and simple as there are no external dependencies.

Cheers
Flags: needinfo?(jvehent)
Whiteboard: [business - new app]
This has no risk factor, so we can go with whatever is most convenient. My guess is that :keeler wants as many test endpoints as possible, so it would be easier to take a public IP, and route all traffic to a given VM for a given port range.

:keeler, what do you want the tests to focus on? If it's only cert parsing, then Apache will do. If you want other SSL stacks, with HEAD OpenSSL for example, then we can build something custom for you.
Flags: needinfo?(jvehent)
Yes, the focus is user-agent certificate parsing and validation, so Apache should do fine. Thanks!
i think this would be a great use for Amazon EC2 instances. since the environments you need are basically ephemeral, i believe it would be the perfect place to do this work. additionally, this route would have no requirement for IT involvement, so you would be able to work at your own pace.
Hi,

Any opinion on the suggestion from chris in comment 4? Would you like us to help you get going in that direction or is there a reason you do not wish to take that route?

Thanks
Sorry - I've been on vacation. An Amazon EC2 instance would be perfect.
Thanks!
Whiteboard: [business - new app] → [kanban:https://kanbanize.com/ctrl_board/4/191] [business - new app]
This got resolved.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.