Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/185181
Change subject: Add HTTPS support to parsoid varnishes
......................................................................
Add HTTPS support to parsoid varnishes
Parsoid varnishes never supported HTTPS. This was intentional but right
now parsoid services also host cxserver and very soon citoid (see
T76949). Those are public services that are fetched via XHR and browsers
at this point throw warnings about fetching resources insecurely. Chrome
38 and above however, block the request. Use role::cache::ssl::sni to
terminate HTTPS on the parsoid varnishes via nginx and pass the HTTP
request to the varnish backend
Bug: T86847
Change-Id: I83574f6a92d28bcbc59d9fe412406516293782da
---
M manifests/role/cache.pp
1 file changed, 1 insertion(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/81/185181/1
diff --git a/manifests/role/cache.pp b/manifests/role/cache.pp
index a8291c0..c2da238 100644
--- a/manifests/role/cache.pp
+++ b/manifests/role/cache.pp
@@ -1422,6 +1422,7 @@
class parsoid inherits role::cache::varnish::2layer {
if ( $::realm == 'production' ) {
+ include role::cache::ssl::sni
class { 'lvs::realserver':
realserver_ips =>
$lvs::configuration::lvs_service_ips[$::realm]['parsoidcache'][$::site],
}
--
To view, visit https://gerrit.wikimedia.org/r/185181
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I83574f6a92d28bcbc59d9fe412406516293782da
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
