HTTPS Redirect for International Sites

Originally reported in #meta-1132.

There is currently no auto-redirect to HTTPS for our local sites like https://de.wordpress.org/. It had worked for a short time because of a change in WP (#27954) to redirect_canonical() but it got reverted later (#29708). In a chat with @nacin he proposed that this should be handled on our LBs.

We currently have ~145 local sites. Adding all subdomains to a redirect rule isn’t something we want I think. Can we force all subdomains to be HTTPS? AFAIK only api.w.org and planet.w.org would be an exception.

BuddyCamp.org DNS and nginx aliases, wildcard certificate

@camikaos and I would like to start creating sites for BuddyCamps on the WordCamp.org multisite installation, but using the buddycamp.org domain. The domain is already in MarkMonitor and Matt gave the ok to use it.

Could someone from systems/@nacin please setup aliases in DNS and nginx?

We’ll also need a wildcard cert for buddycamp.org, since we’re ready to FORCE_SSL_ADMIN across all WordCamp.org sites.

Can johnbillion please be given a sandbox I…

Can johnbillion please be given a sandbox? I can set up commit access and such.

#sandbox

We’re going to be doing a HEAD request…

We’re going to be doing a HEAD request to https://api.wordpress.org/translations/core/1.0/?version=4.1 on the 4.1 about page, in JavaScript. While the heavy operations performed there are cached in memcache for 15 minutes, I think it may be prudent for us to (temporarily?) cache it at the load balancers to avoid being CPU-bound.

Suggestion: cache OPTIONS and HEAD requests to https://api.wordpress.org/translations/core/1.0/ for a period of time. A minute or 15 minutes is fine, but so is an hour.

#caching, #lb, #request

@nacin the new Training team would like to…

@nacin, the new Training team would like to use training@ in conjunction with SupportFlow. Could you please setup the address for them? Once it’s active I can setup SupportFlow.

xref https://make.wordpress.org/systems/2014/11/18/email-google-apps/
cc @liljimmi

#email

Email & Google Apps

We have a handful of @wordpress.org email addresses set up as forwards. For the teams that need an official email address and a supportpress/supportflow setup, we have been doing addresses on wordcamp.org (which has mailboxes) or setting up one-off gmail addresses to handle the mailbox, the owner of which might get lost over time. I talked to Barry at the team meetup days at WCSF about this and he said we should put wordpress.org on gmail for email. Matt said this was okay.

I’ve reclaimed the Foundation account for google apps for non-profits (a WC organizer had used the tax id to claim it without asking first, so we had to jump through some hoops). I’ve set up the account and gone through the steps with Ashish Shukla to have it recognize wordpress.org as the domain. The next step would be to modify the MX record to start routing email through the google apps account, but that gets complicated when it comes to ensuring no disruption to existing forwards, which is why Ashish and I were waiting for Barry to be available. When I spoke to Barry today, he said that @nacin is doing something around email too, so now he’s not super comfortable making changes at all lest we inadvertently step on each others’ toes.

@nacin: what is the thing you are doing with email, and does it preclude a shift to having actual mailboxes that are official? Let’s coordinate with whomever else is working on this to make sure everyone’s needs are met. I’m happy to share the google credentials with the appropriate people to get it going. We also get stuff like official hangouts the teams can use, calendar, etc. as part of the google apps account. If there’s a reason *not* to take Barry’s advice about using google apps/gmail for the team emails, I can remove wordpress.org from the google account (if so, please explain).

#email, #gmail

Getting 404s on the download link here http…

Getting 404s on the download link here:
https://wordpress.org/plugins/amazon-web-services/

https://downloads.wordpress.org/plugin/amazon-web-services.0.1.zip

Not sure why. I see nothing wrong with the plugin in svn itself.

This is a followup to what I posted…

(This is a followup to what I posted on a8c’s sysreq last Thursday, which @762e5e74 was working on. That request should have gone here in the first place, because it’s related to WordCamp.org, so I’m moving the discussion here.)

To summarize the issue, URLs like https://2013.sf.wordcamp.org/tickets are being redirected to http://central.wordcamp.org/tickets, when they should instead be redirected to http://2013.sf.wordcamp.org/tickets. (I think this is because they get caught by the catch-all redirect, even though they’re valid pages.)

r4811-deploy added a new rule that redirected all HTTPS traffic to HTTP, but that conflicted with a PHP redirect back to HTTPS, and created a loop.

We’ve removed the PHP redirect for the time being, since the SSL cert doesn’t work on 4th-level domains. We should be able to re-apply r4811-deploy at this point, but I’d like to make a minor modification to it, so that it’s future-proof for when we do support HTTPS on the 4th-level domains (via 3rd-level aliases and domain mapping, or a wildcard with *.*.wordcamp.org SANs, or some other solution).

The modification would be to ignore HTTPS requests to wp-admin URLs. So, the logic would be:

if https
    if URL doesn't contain wp-admin
        redirect to http version of the URL

That way a request to https://2013.sf.wordcamp.org/wp-admin (or any subpages under wp-admin) would not be redirected, but a request to https://2013.sf.wordcamp.org/tickets will be redirected.

One other thing to keep in mind is that attempts to login to the year.city sites (e.g., http://2013.sf.wordcamp.org/wp-login.php) redirect to http://wordcamp.org/wp-login.php (so they can use the valid SSL), though, and we don’t want that to be affected by any new rules. I don’t think it will be, but thought I’d mention it just in case.

#https, #redirect, #ssl, #wordcamp-org

WP10 Site

Hi all. We need a wp install set up at wp10.wordpress.net for the 10th anniversary parties site. Matt would like it there rather than on .org, but @otto42 doesn’t have access there. Can someone set it up and make me an admin? Thanks.

#site-setup, #wordpress-net, #wp10

Hey I am trying to login to the…

Hey, I am trying to login to the Unit Tests Trac, so that I can reply to a ticket there, but /login redirects to https://core.trac.wordpress.org/log/tests.

Was this by design? I would prefer to reply to active tickets there until we migrate the conversations to the core trac.

#trac, #unit-tests