Last modified: 2013-10-18 23:20:39 UTC
It looks like in beta, the apache configuration is redirecting http://login.wikimedia.org to https. I'm not sure where those configs are stored, but can we remove that? I did that for production a while back, but it looks like the change didn't get into beta. This will let us enable SUL2 without https support in beta.
The MediaWiki configuration for beta are the same as being used in production: operations/mediawiki-config.git although there are some override in files named suffixed with '-labs.php'. So if that feature got enabled in production, it has been enabled at the same time on beta :-] Whatever the option is, you will want to override it either in wmf-config/CommonSettings-labs.php or wmf-config/InitialiseSettings-labs.php.
I took a look through CommonSettings and InitialiseSettings but didn't find any likely sources to control a redirect to https. Is this control actually in the apache .conf itself? Or did I just miss it in the Settings.php files?
This is in apache's config. So I made the change in wikimedia.conf for production... I'm not sure what the beta equivalent of that is.
oops. The Apache confs are in the project shared directory under /data/project/apache/conf The directory is a local git repository so you can track changes. Once changed, you have to manually restart apache on deployment-apache32.pmtpa.wmflabs and deployment-apache33.pmtpa.wmflabs. Sorry for the confusion.
The contents of wikimedia.conf and also of wikimedia-ssl-backend.conf and many others here: ### # This Apache configuration file should be left empty # # It is supposed to be linked to whenever we want to skip an Apache # configuration file coming from production. ### My apache-fu is long out of date. Is it loginwiki.conf that we want? It is the only conf file in the directory that mentions https explicitly. The contents of the directory: @deployment-bastion:/data/project/apache/conf$ ls all.conf foundation.conf nonexistent.conf redirects.conf testwiki.conf wikimedia.conf wikiquote.conf wikiversity.conf wmflabs-logging.conf config.conf loginwiki.conf placeholder.conf remnant.conf upload.conf wikimedia-ssl-backend.conf wikisource.conf wiktionary.conf www.wikipedia.conf en2.conf main.conf postrewrites.conf site.conf wikidata.conf wikinews.conf wikispecies.conf wmflabs.conf
Yep, just need to comment out these lines in loginwiki.conf: RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^/(.*)$ https://login.wikimedia.beta.wmflabs.org/$1 [R=301,L] I'll do that in the morning when other people are around in case something blows up.
I updated the apache config and restarted the apaches. deployment-cache-text1 is still giving the https redirect for now: csteipp@linux-hv06:~> curl -qI 'http://login.wikimedia.beta.wmflabs.org' 2>&1 | egrep "(Location|X-Cache:)" Location: https://login.wikimedia.beta.wmflabs.org/ X-Cache: deployment-cache-text1 hit (3), deployment-cache-text1 frontend hit (3) However the backend apaches are correctly not redirecting at this point: csteipp@deployment-bastion:/data/project/apache/conf$ curl -I -H "Host: login.wikimedia.beta.wmflabs.org" http://10.4.0.187 2>&1 | grep Location Location: http://login.wikimedia.beta.wmflabs.org/wiki/Main_Page So, hopefully in about 1200 seconds, we'll get the right answer from the cache too.
Assigning to Chris Steipp since he did all the work :-] I have purged the page using: hashar@deployment-bastion:~$ mwscript purgeList.php --wiki=enwiki http://login.wikimedia.beta.wmflabs.org/ ^D Purging 1 urls Done! Before: $ curl -qI 'http://login.wikimedia.beta.wmflabs.org' 2>&1 HTTP/1.1 301 Moved Permanently Server: Apache Location: https://login.wikimedia.beta.wmflabs.org/ Content-Type: text/html; charset=iso-8859-1 Vary: X-Forwarded-Proto X-Varnish: 687980 209891, 906468551 906468446 Via: 1.1 varnish, 1.1 varnish Content-Length: 249 Accept-Ranges: bytes Date: Fri, 18 Oct 2013 19:49:09 GMT Age: 349692 Connection: keep-alive X-Cache: deployment-cache-text1 hit (6), deployment-cache-text1 frontend hit (4) AFTER purge: $ curl -qI 'http://login.wikimedia.beta.wmflabs.org' 2>&1 HTTP/1.1 301 Moved Permanently Server: Apache X-Powered-By: PHP/5.3.10-1ubuntu3.8+wmf2 X-Content-Type-Options: nosniff Cache-control: s-maxage=1200, must-revalidate, max-age=0 Vary: Accept-Encoding,X-Forwarded-Proto,Cookie X-Vary-Options: Accept-Encoding;list-contains=gzip,X-Forwarded-Proto,Cookie;string-contains=loginwikiToken;string-contains=loginwikiLoggedOut;string-contains=forceHTTPS;string-contains=loginwikiSession;string-contains=centralauth_Token;string-contains=centralauth_Session;string-contains=centralauth_LoggedOut;string-contains=mf_useformat;string-contains=stopMobileRedirect Last-Modified: Fri, 18 Oct 2013 19:49:28 GMT Location: http://login.wikimedia.beta.wmflabs.org/wiki/Main_Page Content-Type: text/html; charset=utf-8 X-Varnish: 688133, 906468558 Via: 1.1 varnish, 1.1 varnish Date: Fri, 18 Oct 2013 19:49:28 GMT Age: 0 Connection: keep-alive X-Cache: deployment-cache-text1 miss (0), deployment-cache-text1 frontend miss (0) I guess that fix the issue.
I have purged http://login.wikimedia.beta.wmflabs.org/wiki/Main_Page as well, was redirecting to the https version.
