BuddyCamp.org DNS and nginx aliases, wildcard certificate

@camikaos and I would like to start creating sites for BuddyCamps on the WordCamp.org multisite installation, but using the buddycamp.org domain. The domain is already in MarkMonitor and Matt gave the ok to use it.

Could someone from systems/@nacin please set up aliases in DNS and nginx?

We’ll also need a wildcard cert for buddycamp.org, since we’re ready to FORCE_SSL_ADMIN across all WordCamp.org sites.

Hi Can we please do something to cause…

Hi!
Can we please do something to cause lines such as this to work properly in production?
rewrite ^/themes/([^/]+)$ /themes/$1/ permanent;

The problem is that using a relative redirect like that causes nginx to prefix it with $scheme://$http_host, which is fine, but now with forced-https, is causing extra redirects. On web nodes, it happens because $scheme is 'http'. It appears that the correct way of fixing this is to use proxy_redirect on the SSL-terminating load balancers.

I’m unable to test LB changes, but it looks like this line should do the job:
proxy_redirect http://$http_host/ https://$http_host/;
I’ve tested it on my own nginx install, in the reverse (rewriting ssl Location headers to http), and it appears to work as expected, but I’ve never used it before.
Using the $http_host variable seems safe, since any relative redirects have to be to the current domain anyway.

A curl request to duplicate:
curl -I 'https://wordpress.org/themes/twentyfourteen?'

Actual: Location: http://wordpress.org/themes/twentyfourteen/
Expected: Location: https://wordpress.org/themes/twentyfourteen/
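
An added example, not part of the original post: a shell check that pulls the Location header out of `curl -I` style output and models the prefix replacement that the `proxy_redirect` line above would perform, so the Actual and Expected values can be compared before and after. The function names and the sample response are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and sample headers are constructed.

# Constructed response, as a web node behind the SSL-terminating LB would send it.
sample_headers() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\n'
    printf 'Location: http://wordpress.org/themes/twentyfourteen/\r\n\r\n'
}

# Print the Location value from `curl -I` style headers read on stdin.
get_location() {
    gl_cr=$(printf '\r')
    while IFS= read -r gl_line; do
        gl_line=${gl_line%"$gl_cr"}            # header lines end in CRLF
        [ -z "$gl_line" ] && break             # blank line ends the headers
        gl_name=${gl_line%%:*}
        gl_value=${gl_line#*:}
        # header names are case-insensitive
        if [ "$(printf '%s' "$gl_name" | tr 'A-Z' 'a-z')" = "location" ]; then
            printf '%s\n' "${gl_value# }"
            return 0
        fi
    done
    return 1
}

# Return 1 when a redirect answered to an https:// request points at http://.
stays_https() {
    case $1 in
        http://*) return 1 ;;
        *)        return 0 ;;
    esac
}

# Model of: proxy_redirect http://$http_host/ https://$http_host/;
# $1 is the request Host header, $2 the Location sent by the web node.
# Only a Location starting with http://<host>/ is rewritten.
lb_rewrite() {
    lr_prefix="http://$1/"
    case $2 in
        "$lr_prefix"*) printf 'https://%s/%s\n' "$1" "${2#"$lr_prefix"}" ;;
        *)             printf '%s\n' "$2" ;;
    esac
}

loc=$(sample_headers | get_location)
stays_https "$loc" || echo "before: downgrade -> $loc"
fixed=$(lb_rewrite wordpress.org "$loc")
stays_https "$fixed" && echo "after:  ok        -> $fixed"
```

Against a live site, pipe `curl -sI` for the URL into `get_location` in place of `sample_headers`.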