Akosiaris has uploaded a new change for review. https://gerrit.wikimedia.org/r/84873
Change subject: Disable HTTPS on etherpad.wikimedia.org ...................................................................... Disable HTTPS on etherpad.wikimedia.org It makes no sense to have HTTPS for this for the following reasons: 1) HTTPS does not provides authentication (obviously). It actually is possible to impersonate anyone at anytime due to the nature of the software and the specific installation 2) HTTPS does not provide non-repudation (as above) 3) Integrity while data is transported is completely irrelevant in this case since any data can be changed by anyone in the world at anytime in this installation 4) Confidentiality of the data is also completely irrelevant since any data can be read by anyone at anytime in this installation In the sake of consistency and not providing a false sense of security this patch disables HTTPS on etherpad.wikimedia.org Change-Id: Ida97e1c3bf632bad6d7a7a99e4f90440b8ea4b51 --- M templates/apache/sites/etherpad_lite.wikimedia.org.erb 1 file changed, 4 insertions(+), 56 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/73/84873/1 diff --git a/templates/apache/sites/etherpad_lite.wikimedia.org.erb b/templates/apache/sites/etherpad_lite.wikimedia.org.erb index 5976897..d6a3bcb 100644 --- a/templates/apache/sites/etherpad_lite.wikimedia.org.erb +++ b/templates/apache/sites/etherpad_lite.wikimedia.org.erb @@ -7,9 +7,9 @@ <VirtualHost *:80> ServerName <%= etherpad_host %> -<% if etherpad_serveraliases -%> + <%- if etherpad_serveraliases -%> ServerAlias <%= etherpad_serveraliases %> -<% end -%> + <%- end -%> RewriteEngine on ProxyVia On @@ -17,7 +17,7 @@ ProxyPass / http://<%= etherpad_ip %>:<%= etherpad_port %>/ ProxyPassReverse / http://<%= etherpad_ip %>:<%= etherpad_port %>/ ProxyPreserveHost On - RewriteRule /p/*$ https://etherpad.wikimedia.org/ [NC,L] + RewriteRule /p/*$ http://etherpad.wikimedia.org/ [NC,L] RewriteCond %{REQUEST_URI} !^/locales/ RewriteCond %{REQUEST_URI} !^/locales.json RewriteCond %{REQUEST_URI} !^/admin @@ -37,58 +37,7 @@ RewriteRule ^/+(.+)$ https://etherpad.wikimedia.org/p/$1 [L] RewriteCond %{HTTP_HOST} !etherpad.wikimedia.org - RewriteRule ^/+(.+)$ https://etherpad.wikimedia.org/$1 [R=301,L] - - <Proxy *> - Options FollowSymLinks MultiViews - AllowOverride All - Order allow,deny - Allow from all - </Proxy> - -</VirtualHost> - -<VirtualHost *:443> - - ServerName <%= etherpad_host %> -<% if etherpad_serveraliases -%> - ServerAlias <%= etherpad_serveraliases %> -<% end -%> - - SSLEngine on - SSLProtocol -ALL +SSLv3 +TLSv1 - SSLCipherSuite AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA - SSLHonorCipherOrder on - SSLCertificateFile <%= etherpad_ssl_cert %> - SSLCertificateKeyFile <%= etherpad_ssl_key %> - - RewriteEngine on - ProxyVia On - ProxyRequests Off - ProxyPass / http://<%= etherpad_ip %>:<%= etherpad_port %>/ - ProxyPassReverse / http://<%= etherpad_ip %>:<%= etherpad_port %>/ - ProxyPreserveHost On - RewriteRule /p/*$ https://etherpad.wikimedia.org/ [NC,L] - RewriteCond %{REQUEST_URI} !^/locales/ - RewriteCond %{REQUEST_URI} !^/locales.json - RewriteCond %{REQUEST_URI} !^/admin - RewriteCond %{REQUEST_URI} !^/p/ - RewriteCond %{REQUEST_URI} !^/static/ - RewriteCond %{REQUEST_URI} !^/pluginfw/ - RewriteCond %{REQUEST_URI} !^/javascripts/ - RewriteCond %{REQUEST_URI} !^/socket.io/ - RewriteCond %{REQUEST_URI} !^/ep/ - RewriteCond %{REQUEST_URI} !^/minified/ - RewriteCond %{REQUEST_URI} !^/api/ - RewriteCond %{REQUEST_URI} !^/ro/ - RewriteCond %{REQUEST_URI} !^/error/ - RewriteCond %{REQUEST_URI} !^/jserror - RewriteCond %{REQUEST_URI} !/favicon.ico - RewriteCond %{REQUEST_URI} !/robots.txt - RewriteRule ^/+(.+)$ https://etherpad.wikimedia.org/p/$1 [L] - - RewriteCond %{HTTP_HOST} !etherpad.wikimedia.org - RewriteRule ^/+(.+)$ https://etherpad.wikimedia.org/$1 [R=301,L] + RewriteRule ^/+(.+)$ http://etherpad.wikimedia.org/$1 [R=301,L] <Proxy *> Options FollowSymLinks MultiViews @@ -96,5 +45,4 @@ Order allow,deny Allow from all </Proxy> - </VirtualHost> -- To view, visit https://gerrit.wikimedia.org/r/84873 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ida97e1c3bf632bad6d7a7a99e4f90440b8ea4b51 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Akosiaris <akosia...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits