I've taken one of our old Pentium IV servers out of the regular Apache rotation
and made it into a testbed for an encrypted HTTPS interface to Wikimedia's wikis.
This should allow privileged accounts to log in and do their business on an open
wireless network without entrusting their password, session keys, etc to
everybody on the WLAN.
Currently it's using a self-signed certificate, but if we decide to keep this we
could pick up a "real" cert for convenience/peace of mind.
To visit a page on the encrypted server, transpose the domain elements into the
path like this:
http://en.wikipedia.org/wiki/SSL
->
https://secure.wikimedia.org/wikipedia/en/wiki/SSL
Due to our internal configuration, some will appear under 'wikipedia' that are
not Wikipedias, such as:
https://secure.wikimedia.org/wikipedia/foundation/wiki/Home
https://secure.wikimedia.org/wikipedia/mediawiki/wiki/MediaWiki
Please don't distribute links to this server in general usage; we may change the
URL scheme, or restrict it to logins-only to make sure it doesn't get loaded
down with random page views. It's just one machine, so if it does get overloaded
it shouldn't affect the operation of the site in general.
Not all of the wikis will work on it; in particular the Korean, Japanese, Thai,
and Malay Wikipedias which are hosted on our Korean servers are inaccessible via
HTTPS at this time.
There may be various oddities and rough edges (missing logos, broken links here
and there, etc). Images are still pulled from the separate, non-encrypted, file
server, so you may get browser notices about mixed security, and your HTTPS URLs
may appear in plaintext referer headers.
This box is also running PHP 5.1.1 and Apache 2.2.0, giving us a chance to test
the latest gizmos in a low-pressure corner of our production environment.
-- brion vibber (brion @
pobox.com)