[QA] deployment-prep using valid certs for HTTPS

Alex Monk alex at wikimedia.org
Tue Aug 2 10:51:59 UTC 2016


Hi all,

With some help from Brandon, I've changed deployment-prep to use Let's
Encrypt instead of the self-signed cert I added last year (to get HTTPS
working - albeit improperly-signed - instead of nothing, and nginx/puppet
working on the Varnish instances again).
It should now behave much more like production - TLS redirects are enabled
in Varnish, and you shouldn't have to ignore cert warnings to use it now.
Details for HTTPS in deployment-prep are spread out over various tickets,
but the main one now is https://phabricator.wikimedia.org/T50501
The puppetisation still needs some work, but it's cherry-picked on
deployment-puppetmaster and seems to be working reliably.

Pages with images may need to be null-edited to make MediaWiki generate
HTTPS URLs for them so browsers don't block the images.
Please let me know if you find any beta.wmflabs.org domains that aren't
covered by the cert or aren't redirecting HTTP to HTTPS in Varnish.

-- 
Alex Monk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/qa/attachments/20160802/34c9ca9d/attachment.html>


More information about the QA mailing list