Dzahn has submitted this change and it was merged. Change subject: Add secure.wikimedia.org (old SSL site) redirects to cluster ......................................................................
Add secure.wikimedia.org (old SSL site) redirects to cluster they are still on singer right now, but that needs to go. the redirect rules are exactly as they are on singer right now. they are a straight copy, what i changed versus the singer config was: - <VirtualHost 208.80.152.134:443> becomes <VirtualHost *> - <VirtualHost 208.80.152.134:80> is dropped. this had a single rule to redirect http to https RewriteRule ^/(.*)$ https://secure.wikimedia.org/$1 [R=302] - removed any logging related lines, like ErrorLog, CustomLog and LogLevel - removed SSLEngine/SSLCertificate/Key lines of course if this is merged there also needs to be a DNS change: secure 1H IN A 208.80.152.134 ; service IP, currently on singer would become secure 1H IN CNAME wikimedia-lb Change-Id: I3f62b4edbea910f4032d324d4599637b779c8f2c --- M all.conf A secure.wikimedia.conf D wikimedia-ssl-backend.conf 3 files changed, 30 insertions(+), 47 deletions(-) Approvals: jenkins-bot: Verified Dzahn: Looks good to me, approved diff --git a/all.conf b/all.conf index 49bd105..ace299c 100644 --- a/all.conf +++ b/all.conf @@ -18,9 +18,6 @@ # A few single-subdomain projects Include /etc/apache2/wmf/remnant.conf -# secure.wikimedia.org unencrypted backend -Include /etc/apache2/wmf/wikimedia-ssl-backend.conf - # search.wikimedia.org Include /etc/apache2/wmf/search.wikimedia.conf @@ -36,4 +33,7 @@ # A couple of redirects for www.XXX.wikipedia.org Include /etc/apache2/wmf/postrewrites.conf +# A couple of redirects for old secure.wikimedia.org +Include /etc/apache2/wmf/secure.wikimedia.conf + # vim: syn=apache sts=4 sw=4 autoindent diff --git a/secure.wikimedia.conf b/secure.wikimedia.conf new file mode 100644 index 0000000..a549d59 --- /dev/null +++ b/secure.wikimedia.conf @@ -0,0 +1,27 @@ +# this is the old secure.wikimedia.org site +# as it was hosted on singer before we had proper https +# but cool URIs don't change, so moved over to cluster + +<VirtualHost *> + ServerName secure.wikimedia.org + ServerAdmin [email protected] + + DocumentRoot /usr/local/apache/common/docroot/secure + + # Old OTRS URLs + RewriteEngine On + RewriteRule ^/otrs/(.*)$ https://ticket.wikimedia.org/otrs/$1 [R=301,L] + RewriteRule ^/otrs-web/(.*)$ https://ticket.wikimedia.org/otrs-web/$1 [R=301,L] + + # old URLs, redirect them to proper SSL + RewriteRule ^/$ https://www.wikimedia.org/ [R=301,L] + RewriteRule ^/keys\.html$ https://www.mediawiki.org/keys/keys.html [R=301,L] + RewriteRule ^/(w/.*)$ https://meta.wikimedia.org/$1 [R=301,L,NE] + RewriteRule ^/wikipedia/(advisory|auditcom|boardgovcom|board|chair|chapcom|checkuser|collab|commons|donate|exec|grants|incubator|internal|meta|movementroles|office|otrs-wiki|outreach|quality|searchcom|spcom|species|steward|strategy|usability|wikimania\d+|wikimaniateam)/(.*)$ https://$1.wikimedia.org/$2 [R=301,L,NE] + RewriteRule ^/wikipedia/foundation/(.*)$ https://wikimediafoundation.org/$1 [R=301,L,NE] + RewriteRule ^/wikipedia/mediawiki/(.*)$ https://www.mediawiki.org/$1 [R=301,L,NE] + RewriteRule ^/wikipedia/sources/(.*)$ https://wikisource.org/$1 [R=301,L,NE] + RewriteRule ^/wikipedia/wikidata/(.*)$ https://www.wikidata.org/$1 [R=301,L,NE] + RewriteRule ^/(wikipedia|wikinews|wikisource|wikibooks|wikiquote|wikiversity|wiktionary|wikimedia)/([^@:/]+)/(.*)$ https://$2.$1.org/$3 [R=301,L,NE] + +</VirtualHost> diff --git a/wikimedia-ssl-backend.conf b/wikimedia-ssl-backend.conf deleted file mode 100644 index 72f48f6..0000000 --- a/wikimedia-ssl-backend.conf +++ /dev/null @@ -1,44 +0,0 @@ - -# Backend (unencrypted) handling for secure.wikimedia.org wikis -<VirtualHost *> - ServerName secure.wikimedia.org - DocumentRoot "/usr/local/apache/common/docroot/secure" - - AllowEncodedSlashes On - - RewriteEngine On - - # Extract the pieces to restore the common base path and fake the HTTP - # domain to match our other rules. - RewriteRule ^/$ /wikimedia/meta/w/extract2.php?title=Secure.wikimedia.org_portal&template=Secure.wikimedia.org_template - RewriteRule ^/(wikimedia|wikipedia|wiktionary|wikiquote|wikisource|wikibooks|wikinews|mediawiki|wikispecies|wikiversity)/([a-z0-9-]+)/(.*)$ /$3 [PT,E=MW_SECURE_HOST:$2.$1.org] -# RewriteRule ^/$ /w/index.php - - # Primary wiki redirector: - Alias /wiki /usr/local/apache/common/docroot/secure/w/index.php - - <Directory "/usr/local/apache/common/docroot/secure"> - Allow from all - Options FollowSymLinks - </Directory> - - <Directory "/usr/local/apache/common/docroot/secure/w"> - <IfModule mod_php5.c> - php_admin_flag engine on - </IfModule> - </Directory> - <Directory "/usr/local/apache/common/docroot/secure/w/extensions"> - <IfModule mod_php5.c> - php_admin_flag engine off - </IfModule> - </Directory> - <Directory "/usr/local/apache/common/docroot/secure/w/extensions/SecurePoll"> - php_admin_flag engine on - </Directory> -</VirtualHost> - - - - -# vim: set syn=apache autoindent : - -- To view, visit https://gerrit.wikimedia.org/r/60934 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I3f62b4edbea910f4032d324d4599637b779c8f2c Gerrit-PatchSet: 6 Gerrit-Project: operations/apache-config Gerrit-Branch: master Gerrit-Owner: Dzahn <[email protected]> Gerrit-Reviewer: Dzahn <[email protected]> Gerrit-Reviewer: Faidon <[email protected]> Gerrit-Reviewer: Krinkle <[email protected]> Gerrit-Reviewer: Tim Starling <[email protected]> Gerrit-Reviewer: jenkins-bot _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
