Brion Vibber wrote:
I would definitely recommend this -- it's been on the agenda for.... well literally for *years*, but always got swallowed up by time spent on other things.
It should be pretty straightforward actually to aim a few of those standalone wikis straight at the existing secure.wikimedia.org proxy -- which appears to currently have a *.wikimedia.org wildcard cert -- or at another dedicated one, and swap both the non-SSL URLs and the old-fashioned secure.wikimedia.org entries for them to redirect to the canonical domain with HTTPS.
Thus we could simply use https://internal.wikimedia.org/ etc.
This could be done with much less worry about configuration changes and load issues than doing the same for the higher-profile, higher-traffic sites on their own domains, but can help build familiarity and confidence for both ops and users.
-- brion
Created as bug 27622 (I don't have access to RT) https://bugzilla.wikimedia.org/show_bug.cgi?id=27622