HTTPS Redirect for International Sites

Originally reported in #meta-1132.

There is currently no auto-redirect to HTTPS for our local sites like It had worked for a short time because of a change in WP (#27954) to redirect_canonical() but it got reverted later (#29708). In a chat with @nacin he proposed that this should be handled on our LBs.

We currently have ~145 local sites. Adding all subdomains to a redirect rule isn’t something we want I think. Can we force all subdomains to be HTTPS? AFAIK only and would be an exception. DNS and nginx aliases, wildcard certificate

@camikaos and I would like to start creating sites for BuddyCamps on the multisite installation, but using the domain. The domain is already in MarkMonitor and Matt gave the ok to use it.

Could someone from systems/@nacin please setup aliases in DNS and nginx?

We’ll also need a wildcard cert for, since we’re ready to FORCE_SSL_ADMIN across all sites.

Can johnbillion please be given a sandbox I…

Can johnbillion please be given a sandbox? I can set up commit access and such.


We’re going to be doing a HEAD request…

We’re going to be doing a HEAD request to on the 4.1 about page, in JavaScript. While the heavy operations performed there are cached in memcache for 15 minutes, I think it may be prudent for us to (temporarily?) cache it at the load balancers to avoid being CPU-bound.

Suggestion: cache OPTIONS and HEAD requests to for a period of time. A minute or 15 minutes is fine, but so is an hour.

#caching, #lb, #request

@nacin the new Training team would like to…

@nacin, the new Training team would like to use training@ in conjunction with SupportFlow. Could you please setup the address for them? Once it’s active I can setup SupportFlow.

cc @liljimmi


Email & Google Apps

We have a handful of email addresses set up as forwards. For the teams that need an official email address and a supportpress/supportflow setup, we have been doing addresses on (which has mailboxes) or setting up one-off gmail addresses to handle the mailbox, the owner of which might get lost over time. I talked to Barry at the team meetup days at WCSF about this and he said we should put on gmail for email. Matt said this was okay.

I’ve reclaimed the Foundation account for google apps for non-profits (a WC organizer had used the tax id to claim it without asking first, so we had to jump through some hoops). I’ve set up the account and gone through the steps with Ashish Shukla to have it recognize as the domain. The next step would be to modify the MX record to start routing email through the google apps account, but that gets complicated when it comes to ensuring no disruption to existing forwards, which is why Ashish and I were waiting for Barry to be available. When I spoke to Barry today, he said that @nacin is doing something around email too, so now he’s not super comfortable making changes at all lest we inadvertently step on each others’ toes.

@nacin: what is the thing you are doing with email, and does it preclude a shift to having actual mailboxes that are official? Let’s coordinate with whomever else is working on this to make sure everyone’s needs are met. I’m happy to share the google credentials with the appropriate people to get it going. We also get stuff like official hangouts the teams can use, calendar, etc. as part of the google apps account. If there’s a reason *not* to take Barry’s advice about using google apps/gmail for the team emails, I can remove from the google account (if so, please explain).

#email, #gmail

Getting 404s on the download link here http…

Getting 404s on the download link here:

Not sure why. I see nothing wrong with the plugin in svn itself.

This is a followup to what I posted…

(This is a followup to what I posted on a8c’s sysreq last Thursday, which @762e5e74 was working on. That request should have gone here in the first place, because it’s related to, so I’m moving the discussion here.)

To summarize the issue, URLs like are being redirected to, when they should instead be redirected to (I think this is because they get caught by the catch-all redirect, even though they’re valid pages.)

r4811-deploy added a new rule that redirected all HTTPS traffic to HTTP, but that conflicted with a PHP redirect back to HTTPS, and created a loop.

We’ve removed the PHP redirect for the time being, since the SSL cert doesn’t work on 4th-level domains. We should be able to re-apply r4811-deploy at this point, but I’d like to make a minor modification to it, so that it’s future-proof for when we do support HTTPS on the 4th-level domains (via 3rd-level aliases and domain mapping, or a wildcard with *.* SANs, or some other solution).

The modification would be to ignore HTTPS requests to wp-admin URLs. So, the logic would be:

if https
    if URL doesn't contain wp-admin
        redirect to http version of the URL

That way a request to (or any subpages under wp-admin) would not be redirected, but a request to will be redirected.

One other thing to keep in mind is that attempts to login to the sites (e.g., redirect to (so they can use the valid SSL), though, and we don’t want that to be affected by any new rules. I don’t think it will be, but thought I’d mention it just in case.

#https, #redirect, #ssl, #wordcamp-org

WP10 Site

Hi all. We need a wp install set up at for the 10th anniversary parties site. Matt would like it there rather than on .org, but @otto42 doesn’t have access there. Can someone set it up and make me an admin? Thanks.

#site-setup, #wordpress-net, #wp10

Hey I am trying to login to the…

Hey, I am trying to login to the Unit Tests Trac, so that I can reply to a ticket there, but /login redirects to

Was this by design? I would prefer to reply to active tickets there until we migrate the conversations to the core trac.

#trac, #unit-tests