Last modified: 2013-06-18 16:52:33 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T29622, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 27622 - Setup internal wikis as https only
Setup internal wikis as https only
Status: RESOLVED FIXED
Product: Wikimedia
Classification: Unclassified
SSL related (Other open bugs)
unspecified
All All
: Normal enhancement with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
http://thread.gmane.org/gmane.science...
: ops
Depends on: 20643
Blocks: ssl
  Show dependency treegraph
 
Reported: 2011-02-21 23:41 UTC by Platonides
Modified: 2013-06-18 16:52 UTC (History)
7 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Platonides 2011-02-21 23:41:51 UTC 
From wikitech-l thread:

Private wikis should require HTTPS by default.

Roughly this would need;
* Setup a server for this role and give it an external ip.
* Configure to answer https: with the star certificate and then perform the normal wiki routing.
* Redirect http to https.
* Change usage of bits load.php to the local one (avoid mixed content warnings and protect against active attackers).
* Change the dns records to the new ip.
* Profit!

No need for caching layer in front of it, as anonymous users can't read it. If there were, $wgCookieSecure may need to be manually set.
Comment 1 Nemo 2011-02-26 21:13:58 UTC 
http://meta.wikimedia.org/wiki/Wikimedia_wikis#Private_wikis contains an organized list of internal/private wikis.
Comment 2 Brion Vibber 2011-07-15 23:23:30 UTC 
We're now testing office.wikimedia.org in http/https dual mode on the regular domain (per bug 20643); forcing it to SSL-only at this point should be pretty easy.

At this point rather than setting up a second HTTPS-only server to handle a couple domains, I'd recommend just continuing to build out that infrastructure for the other private/internal wikis and then flipping them to require SSL for logins; adding as a dependency.
Comment 3 Antoine "hashar" Musso (WMF) 2012-02-21 10:39:31 UTC 
office.wikimedia.org is now HTTPS only with a redirect.

I guess we can establish a list and start migrating all the other private wikis.
Comment 4 Platonides 2012-02-21 12:04:36 UTC 
You mean a list like private.dblist?
Comment 5 Antoine "hashar" Musso (WMF) 2012-03-02 20:18:45 UTC 
I have created a RT ticket for operations team:

 https://rt.wikimedia.org/Ticket/Display.html?id=2565
Comment 6 Antoine "hashar" Musso (WMF) 2012-03-27 07:37:23 UTC 
Ticket 2565 has been closed on March 19th. The private wikis have been to relocate to HTTPS.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links