
Setup internal wikis as https only
Closed, Resolved, Public

Description

From wikitech-l thread:

Private wikis should require HTTPS by default.

Roughly this would need:

  • Set up a server for this role and give it an external IP.
  • Configure it to answer https: with the star certificate and then perform the normal wiki routing.
  • Redirect http to https.
  • Change usage of bits load.php to the local one (avoid mixed content warnings and protect against active attackers).
  • Change the DNS records to the new IP.
  • Profit!

No need for a caching layer in front of it, as anonymous users can't read it. If there were, $wgCookieSecure may need to be manually set.


Version: unspecified
Severity: enhancement
URL: http://thread.gmane.org/gmane.science.linguistics.wikipedia.technical/52317
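The checks implied by the list above (HTTP redirects to HTTPS, cookies carry the Secure attribute, no load.php or other subresource fetched over plain http), as an added example that is not part of the original task or of Wikimedia's tooling. The hostnames, cookie name and responses are constructed; in practice the two response dicts would be filled from a real request to each private wiki.

```python
import re
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 307, 308}
# Subresources a browser loads automatically; an http:// URL here is mixed content.
SUBRESOURCE = re.compile(
    r'<(?:script|img|iframe)\b[^>]*?\bsrc=["\'](http://[^"\']+)'
    r'|<link\b[^>]*?\bhref=["\'](http://[^"\']+)', re.I)

def header_values(headers, name):
    """All values of a header, matched case-insensitively."""
    return [v for k, v in headers if k.lower() == name.lower()]

def audit(host, http_resp, https_resp):
    """Return findings for one wiki; an empty list means all three checks pass."""
    findings = []
    # 1. Plain HTTP must answer with a redirect to HTTPS on the same host.
    loc = urlsplit((header_values(http_resp["headers"], "Location") or [""])[0])
    if (http_resp["status"] not in REDIRECTS or loc.scheme != "https"
            or loc.hostname != host):
        findings.append("http-not-redirected")
    # 2. Cookies set over HTTPS need Secure, or they leak on any http request.
    for cookie in header_values(https_resp["headers"], "Set-Cookie"):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append("cookie-not-secure:" + cookie.split("=", 1)[0])
    # 3. The HTTPS page must not pull scripts/styles over http (e.g. a remote load.php).
    for m in SUBRESOURCE.finditer(https_resp["body"]):
        findings.append("mixed-content:" + (m.group(1) or m.group(2)))
    return findings

# Constructed sample responses (not captured from any real wiki).
HOST = "private.example.org"
HTTP_GOOD = {"status": 301, "body": "",
             "headers": [("Location", "https://private.example.org/wiki/Main_Page")]}
HTTP_BAD = {"status": 200, "headers": [], "body": "<html>login form</html>"}
HTTPS_GOOD = {"status": 200,
              "headers": [("Set-Cookie", "examplewiki_session=abc123; path=/; secure; HttpOnly")],
              "body": '<script src="/w/load.php?modules=startup"></script>'}
HTTPS_BAD = {"status": 200,
             "headers": [("Set-Cookie", "examplewiki_session=abc123; path=/; HttpOnly")],
             "body": '<script src="http://bits.example.org/load.php?modules=startup"></script>'}

if __name__ == "__main__":
    print("migrated:", audit(HOST, HTTP_GOOD, HTTPS_GOOD))
    print("not migrated:", audit(HOST, HTTP_BAD, HTTPS_BAD))
```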

Details

Reference
bz27622

Event Timeline

bzimport raised the priority of this task from to Medium. Nov 21 2014, 11:28 PM
bzimport added projects: HTTPS, acl*sre-team.
bzimport set Reference to bz27622.
bzimport added a subscriber: Unknown Object (MLST).

We're now testing office.wikimedia.org in http/https dual mode on the regular domain (per bug 20643); forcing it to SSL-only at this point should be pretty easy.

At this point rather than setting up a second HTTPS-only server to handle a couple domains, I'd recommend just continuing to build out that infrastructure for the other private/internal wikis and then flipping them to require SSL for logins; adding as a dependency.

office.wikimedia.org is now HTTPS only with a redirect.

I guess we can establish a list and start migrating all the other private wikis.

You mean a list like private.dblist?

Ticket 2565 was closed on March 19th. The private wikis have been relocated to HTTPS.