<quote name="Bryan Davis" date="2016-08-02" time="09:16:33 -0700"> > On Tue, Aug 2, 2016 at 3:51 AM, Alex Monk <a...@wikimedia.org> wrote: > > Hi all, > > > > With some help from Brandon, I've changed deployment-prep to use Let's > > Encrypt instead of the self-signed cert I added last year (to get HTTPS > > working - albeit improperly-signed - instead of nothing, and nginx/puppet > > working on the Varnish instances again). > > It should now behave much more like production - TLS redirects are enabled > > in Varnish, and you shouldn't have to ignore cert warnings to use it now. > > Details for HTTPS in deployment-prep are spread out over various tickets, > > but the main one now is https://phabricator.wikimedia.org/T50501 > > The puppetisation still needs some work, but it's cherry-picked on > > deployment-puppetmaster and seems to be working reliably. > > > > Pages with images may need to be null-edited to make MediaWiki generate > > HTTPS URLs for them so browsers don't block the images. > > Please let me know if you find any beta.wmflabs.org domains that aren't > > covered by the cert or aren't redirecting HTTP to HTTPS in Varnish. > > This is really cool and another recent example of Alex grinding out > the steps to close a long standing feature wish for the beta cluster. > Thanks!
+1, thanks Krenair -- | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E | | identi.ca: @greg A18D 1138 8E47 FAC8 1C7D | _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l