It looks like in beta, the apache configuration is redirecting http://login.wikimedia.org to https.
I'm not sure where those configs are stored, but can we remove that? I did that for production a while back, but it looks like the change didn't get into beta.
This will let us enable SUL2 without https support in beta.
Version: unspecified
Severity: normal
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | None | T57760 wikipedia.beta.wmflabs.org sending forceHTTPS cookie | |||
| Resolved | • csteipp | T57804 Remove https redirect for loginwiki in beta |
The MediaWiki configuration for beta are the same as being used in production: operations/mediawiki-config.git although there are some override in files named suffixed with '-labs.php'.
So if that feature got enabled in production, it has been enabled at the same time on beta :-] Whatever the option is, you will want to override it either in wmf-config/CommonSettings-labs.php or wmf-config/InitialiseSettings-labs.php.
I took a look through CommonSettings and InitialiseSettings but didn't find any likely sources to control a redirect to https.
Is this control actually in the apache .conf itself? Or did I just miss it in the Settings.php files?
This is in apache's config. So I made the change in wikimedia.conf for production... I'm not sure what the beta equivalent of that is.
oops.
The Apache confs are in the project shared directory under /data/project/apache/conf The directory is a local git repository so you can track changes.
Once changed, you have to manually restart apache on deployment-apache32.pmtpa.wmflabs and deployment-apache33.pmtpa.wmflabs.
Sorry for the confusion.
The contents of wikimedia.conf and also of wikimedia-ssl-backend.conf and many others here:
My apache-fu is long out of date. Is it loginwiki.conf that we want? It is the only conf file in the directory that mentions https explicitly.
The contents of the directory:
@deployment-bastion:/data/project/apache/conf$ ls
all.conf foundation.conf nonexistent.conf redirects.conf testwiki.conf wikimedia.conf wikiquote.conf wikiversity.conf wmflabs-logging.conf
config.conf loginwiki.conf placeholder.conf remnant.conf upload.conf wikimedia-ssl-backend.conf wikisource.conf wiktionary.conf www.wikipedia.conf
en2.conf main.conf postrewrites.conf site.conf wikidata.conf wikinews.conf wikispecies.conf wmflabs.conf
Yep, just need to comment out these lines in loginwiki.conf:
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^/(.*)$ https://login.wikimedia.beta.wmflabs.org/$1 [R=301,L]I'll do that in the morning when other people are around in case something blows up.
I updated the apache config and restarted the apaches. deployment-cache-text1 is still giving the https redirect for now:
csteipp@linux-hv06:~> curl -qI 'http://login.wikimedia.beta.wmflabs.org' 2>&1 | egrep "(Location|X-Cache:)"
Location: https://login.wikimedia.beta.wmflabs.org/
X-Cache: deployment-cache-text1 hit (3), deployment-cache-text1 frontend hit (3)
However the backend apaches are correctly not redirecting at this point:
csteipp@deployment-bastion:/data/project/apache/conf$ curl -I -H "Host: login.wikimedia.beta.wmflabs.org" http://10.4.0.187 2>&1 | grep Location
Location: http://login.wikimedia.beta.wmflabs.org/wiki/Main_Page
So, hopefully in about 1200 seconds, we'll get the right answer from the cache too.
Assigning to Chris Steipp since he did all the work :-]
I have purged the page using:
hashar@deployment-bastion:~$ mwscript purgeList.php --wiki=enwiki
http://login.wikimedia.beta.wmflabs.org/
^D
Purging 1 urls
Done!
Before:
$ curl -qI 'http://login.wikimedia.beta.wmflabs.org' 2>&1
HTTP/1.1 301 Moved Permanently
Server: Apache
Location: https://login.wikimedia.beta.wmflabs.org/
Content-Type: text/html; charset=iso-8859-1
Vary: X-Forwarded-Proto
X-Varnish: 687980 209891, 906468551 906468446
Via: 1.1 varnish, 1.1 varnish
Content-Length: 249
Accept-Ranges: bytes
Date: Fri, 18 Oct 2013 19:49:09 GMT
Age: 349692
Connection: keep-alive
X-Cache: deployment-cache-text1 hit (6), deployment-cache-text1 frontend hit (4)
AFTER purge:
$ curl -qI 'http://login.wikimedia.beta.wmflabs.org' 2>&1
HTTP/1.1 301 Moved Permanently
Server: Apache
X-Powered-By: PHP/5.3.10-1ubuntu3.8+wmf2
X-Content-Type-Options: nosniff
Cache-control: s-maxage=1200, must-revalidate, max-age=0
Vary: Accept-Encoding,X-Forwarded-Proto,Cookie
X-Vary-Options: Accept-Encoding;list-contains=gzip,X-Forwarded-Proto,Cookie;string-contains=loginwikiToken;string-contains=loginwikiLoggedOut;string-contains=forceHTTPS;string-contains=loginwikiSession;string-contains=centralauth_Token;string-contains=centralauth_Session;string-contains=centralauth_LoggedOut;string-contains=mf_useformat;string-contains=stopMobileRedirect
Last-Modified: Fri, 18 Oct 2013 19:49:28 GMT
Location: http://login.wikimedia.beta.wmflabs.org/wiki/Main_Page
Content-Type: text/html; charset=utf-8
X-Varnish: 688133, 906468558
Via: 1.1 varnish, 1.1 varnish
Date: Fri, 18 Oct 2013 19:49:28 GMT
Age: 0
Connection: keep-alive
X-Cache: deployment-cache-text1 miss (0), deployment-cache-text1 frontend miss (0)
I guess that fix the issue.
I have purged http://login.wikimedia.beta.wmflabs.org/wiki/Main_Page as well, was redirecting to the https version.