I've merged (what I think are) the final patches required for using custom/vanity domains with the Cloud VPS web proxy. Here is an example:
https://wmcs-proxy-test.taavivaananen.fi/
And administrator documentation is available at [0]. [1] is the task tracking the implementation of this.
[0]: https://wikitech.wikimedia.org/wiki/Portal:Cloud_VPS/Admin/Web_proxy#Enable_... [1]: https://phabricator.wikimedia.org/T342398
I have not yet documented this in the user-facing docs, because we first need to decide which projects can use this feature. Historically the use of custom domains for Cloud VPS projects has been restricted by the fact that those required a floating IPv4 and we don't have many of those. My feeling (but I haven't checked) is that the vast majority of granted requests from the time I've been here have been for affiliates and for projects that are migrating from some external hosting with an existing domain to Cloud VPS.
Now that IPv4 scarcity is no longer a factor in this, we could in theory set up custom domains for everyone that wants one. Are we willing to do this or do we want to keep some requirements for having one? In my head the biggest argument for encouraging/requiring use of *.wmcloud.org is that it removes a major SPOF possibility from individual maintainers having control of vanity domains and then disappearing leaving the project stuck.
Taavi
On Tue, Oct 29, 2024 at 11:48 AM Taavi Väänänen taavi@debian.org wrote:
Now that IPv4 scarcity is no longer a factor in this, we could in theory set up custom domains for everyone that wants one. Are we willing to do this or do we want to keep some requirements for having one? In my head the biggest argument for encouraging/requiring use of *.wmcloud.org is that it removes a major SPOF possibility from individual maintainers having control of vanity domains and then disappearing leaving the project stuck.
Reposting from IRC for wider visibility:
[16:38] < bd808> I think your note about a vanity domain being a possible point of failure for a service is the main concern I would have too taavi, but having agreed with that I think things being hosted outside of Cloud VPS is a much bigger risk of loss than needing to replace URLs. [16:39] < bd808> I'm happy to be on the record as staying both "don't use a vanity domain for your Wikimedia project" and "host your tool's vanity domain with WMCS" ;)
Bryan
*I've merged (what I think are) the final patches required for usingcustom/vanity domains with the Cloud VPS web proxy.*
Nice! Very cool to see.
*I have not yet documented this in the user-facing docs, because we firstneed to decide which projects can use this feature.[...]*
*My feeling (but I haven't checked) is that the vast majority of grantedrequests from the time I've been here have been for affiliates and forprojects that are migrating from some external hosting with an existingdomain to Cloud VPS.*
In terms of use cases, I'd suggest 'restricting' this initially to those cases you've identified above (affiliates & pre-existing known, trusted tool domains), but with leeway for reasonable requests as to not become too rigid of a policy.
Kind regards,
*Sammy Fox*
*(They/Them)*
User:TheresNoTime https://meta.wikimedia.org/wiki/User:TheresNoTime
*This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email.*
On Tue, 29 Oct 2024 at 17:48, Taavi Väänänen taavi@debian.org wrote:
I've merged (what I think are) the final patches required for using custom/vanity domains with the Cloud VPS web proxy. Here is an example:
https://wmcs-proxy-test.taavivaananen.fi/
And administrator documentation is available at [0]. [1] is the task tracking the implementation of this.
[0]:
https://wikitech.wikimedia.org/wiki/Portal:Cloud_VPS/Admin/Web_proxy#Enable_... [1]: https://phabricator.wikimedia.org/T342398
I have not yet documented this in the user-facing docs, because we first need to decide which projects can use this feature. Historically the use of custom domains for Cloud VPS projects has been restricted by the fact that those required a floating IPv4 and we don't have many of those. My feeling (but I haven't checked) is that the vast majority of granted requests from the time I've been here have been for affiliates and for projects that are migrating from some external hosting with an existing domain to Cloud VPS.
Now that IPv4 scarcity is no longer a factor in this, we could in theory set up custom domains for everyone that wants one. Are we willing to do this or do we want to keep some requirements for having one? In my head the biggest argument for encouraging/requiring use of *.wmcloud.org is that it removes a major SPOF possibility from individual maintainers having control of vanity domains and then disappearing leaving the project stuck.
Taavi _______________________________________________ Cloud-admin mailing list -- cloud-admin@lists.wikimedia.org List information: https://lists.wikimedia.org/postorius/lists/cloud-admin.lists.wikimedia.org/
Thank you Bryan and Sammy for your comments! I've added a section to the user-facing documentation about the new feature: https://wikitech.wikimedia.org/wiki/Help:Using_a_web_proxy_to_reach_Cloud_VPS_servers_from_the_internet#Vanity_domains
The next step is seeing up what kinds of requests people come with, and we can then tweak the criteria and instructions if necessary.
Taavi
cloud-admin@lists.wikimedia.org