Closed Bug 991108 Opened 11 years ago Closed 11 years ago

Publishing a website for Moco-only via people.mozilla.org

Categories

(Infrastructure & Operations :: Infrastructure: Other, task)

Product:
Infrastructure & Operations
Component:
Infrastructure: Other
Platform:
x86_64
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: benjamin, Assigned: jabba)

Details

I have some statistics data and HTTP presentation that I'd like to publish on people.mozilla.org, but for now it should only be accessible to Mozilla employees. I'd like to be able to protect this content somehow. I can think of some potential options, and I'm happy for any of them: * Use .htaccess to require LDAP login * Use .htaccess to require an @mozilla.com persona login via https://github.com/mozilla/mod_authnz_persona * Have a separate subtree private_html which automatically is MoCo-only and gets mapped to https://people.mozilla.org/~bsmedberg/private/
If this were something that you pushed updates to via svn or git, and then the updates were deployed automatically to a website somewhere *besides* people.m.o (that was LDAP protected, either MoCo or MoFoCo, your choice), would that be sufficient for your purposes?
I've created a dedicated bind user for this purpose and formulated a .htaccess file that should do the right thing here (force SSL, do LDAP auth). I think long term if this ends up being something more automated and long-lived part of the infrastructure, we should probably look into creating a more dedicated space for it, which isn't tied to a specific user's people.m.o public_html. We should be good for now though. Let us know if we can help find a more official place to put this data.
Assignee: infra → jdow
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Also, the .htaccess method was chose due to letting the user have some control over where to put this, etc. If we determine that other users want a similar type thing and want to standardize, we can create a <Directory /home/*/public_html/private> directive to make it a more standard thing.
If it's not too much work, I think the standard thing would be valuable. In particular I filed this bug because metrics has something like this at metrics.mozilla.com/protected. They said that it might be possible to put this on app1.metrics.scl3.mozilla.com but IT was considering discontinuing that server. All of this is one-off and experimental, so probably not particularly useful to file and spend your time getting it set up on real infra.
You need to log in before you can comment on or make changes to this bug.