Project 511 Services Unit HTTPS Everything

A sub-project of 454 to migrate all Services Unit web services/sites to HTTPS from HTTP.

This specifically does not mean authenticating all web services, just that they should be served via HTTPS, as lots of browsers now warn when visiting HTTP sites.

Our plan will be to:

  1. not create any new web services that are HTTP - already doing this.
  2. identify all the web services that we run, and categorise them into 1 of the 4 types identified on Project454MoveToHTTPS#Types_of_sites_running_HTTP
  3. start working through that list, low hanging fruit first?

We've not actively done much on this yet. However any new sites are HTTPS only sites, and there are some RT tickets, eg https://rt4.inf.ed.ac.uk/Ticket/Display.html?id=98910 where users are asking us specifically to do it.

List of machines

A combination of:

  • header-user live/services-unit.h
  • header-user dice/options/apacheconf.h
  • union of the above:cat A B | sort | uniq -d

gives us 57 hosts. However some will host multiple websites, and some are dev/test/play things. Project511ServicesUnitList

Some notes on Lets Encrypt

ServicesUnitLECertNotes

Dev meeting talks

Talk 1 - possibly 30/6/2020

Basically all that's happened since May is classified all 213 sites.

HTTP and HTTPS pub 37
HTTP only 78
HTTP pub HTTPS auth 10
HTTPS already 36
NA - DR, test, not us (anymore) 51

The first 2 categories, 115 should be relatively straightforward.

Of the 10 more tricky ones:

  • 4 are edweb sites (1 live, other others dev and DR)
  • The others are:
  • Old LFCS Plone site - will be gone soon
  • lists.inf
  • rbs.inf
  • dtest1.inf - test thing
  • mediasrv.inf/aiai
  • holler.inf - should be redirecting to ltg

-- NeilBrown - 14 Jan 2020

Topic revision: r5 - 30 Jun 2020 - 08:57:58 - NeilBrown
 
This site is powered by the TWiki collaboration platformCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
This Wiki uses Cookies