*
https://bugzilla.wikimedia.org/show_bug.cgi?id=20643
-- Serve SSL/HTTPS
sites out of same domain names as HTTP access:
https://en.wikipedia.org/
This'll need more work as it has to deal with the offsite proxies, multiple
domains, etc. But it's been on the slate for a long time and we did some
live experiments in 2007 that looked positive; if done it'll make the SSL
views of the site friendlier to use, and smart session/cookie management
could keep people form having to manually bounce themselves between SSL and
non-SSL links.
This is the only reliable way of doing HTTPS, and will be the method I
use to attack this problem. Basic SSL termination should work fairly
well with this, but we will likely need to do some network trickery to
make this work as we want. We don't want to run the SSL termination on
the same hardware as our non-SSL proxies, as we'd have to optimize for
two different workloads, so we are currently looking at doing this as
a separate cluster.
I don't have a timeframe for completion, but I hope to work on this at
some point soon.
- Ryan