Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1d — SSL Between backend servers and Fastly #42

Closed
4 tasks done
renoirb opened this issue Jan 10, 2015 · 2 comments
Closed
4 tasks done

1d — SSL Between backend servers and Fastly #42

renoirb opened this issue Jan 10, 2015 · 2 comments
Assignees
@renoirb
Labels
Automatization critical
Milestone
Goal: Automate de...

Comments

@renoirb
Copy link
Member

renoirb commented Jan 10, 2015

SSL communication has to be done both between

  1. Fastly and visitor
  2. Fastly and backend (our servers)

At this moment, only the first case is fulfilled, that’s what we change for all services that are served by Fastly.

Web apps progress

  • docs.webplatform.org
  • Ensure www.webplatform.org suports both, but don’t force SSL
  • blog.webplatform.org
  • stats.webplatform.org

Estimated steps

  • Update documentation in https://docs.webplatform.org/wiki/WPD:Infrastructure/architecture/SSL_certificates
  • Ensure any public facing subdomains, on both webplatform.org AND webplatformstaging.org has valid certificates from an accepted CA
  • Use StartSSL certificates for the obscure endpoints but yet user facing (e.g. oauth.accounts.webplatform.org MUST be from a known Certificate Authority, but most users won’t see in their browsers)
  • Make sure Fastly has them installed
  • Make sure Fastly connects to backends servers (our VMs) through IPADDR:443
  • Make sure all web servers (e.g. NGINX & Apache) has the certificates AND that each subdomain uses the right certificate
@renoirb renoirb self-assigned this Jan 10, 2015
This was referenced Jan 12, 2015
Open
Open
Closed
@renoirb renoirb changed the title SSL Between backend servers and Fastly 1d — SSL Between backend servers and Fastly Jan 16, 2015
@renoirb renoirb mentioned this issue Mar 12, 2015
Closed
@renoirb
Copy link
Member Author

renoirb commented Mar 12, 2015

Removed off this task what’s about self-signed certificates we could use for non-user-facing communications (e.g. between Fastly and a web server).

If we work on our own self-signed, let’s deflect to #125

@renoirb renoirb mentioned this issue Mar 12, 2015
Open
4 tasks
@renoirb renoirb mentioned this issue Mar 12, 2015
Closed
@renoirb
Copy link
Member Author

renoirb commented Mar 12, 2015

Let’s drop project.webplatform.org to be behind SSL for now. Postponed to #126

@renoirb renoirb closed this as completed Mar 12, 2015
@renoirb renoirb mentioned this issue Mar 20, 2015
Open
8 tasks
@renoirb renoirb removed the 4 - Done label Mar 26, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@renoirb renoirb

Labels
Automatization critical
Projects
None yet
Milestone
Goal: Automate deployment of essentia...
Development

No branches or pull requests
1 participant
@renoirb