Metadata
- Source
- INFRA-86
- Type
- Improvement
- Priority
- Major
- Status
- Resolved
- Resolution
- Done
- Assignee
- Giovanni Tirloni
- Reporter
- Giovanni Tirloni
- Created
2016-08-09T12:57:30.112-0400 - Updated
2017-10-17T07:38:50.269-0400 - Versions
- N/A
- Fixed Versions
- N/A
- Component
- N/A
Description
All websites need to be available through HTTPS and behind our load balancers.
- Deploy 2 LB's for Fluid/IDI
- Update Ansible configuration for each website and apply to these LB's
- Change DNS records
- Notify developers so links can be updated to use HTTPS
Comments
-
Giovanni Tirloni commented
2016-08-22T09:10:58.043-0400 Partially enabled for guide.inclusivedesign.ca and pkg.inclusivedesign.ca.
The Ansible roles touching nginx/letsencrypt need more work. One major issue is renewing certificates while they are still in use. Right now we're redirecting known requests from Let's Encrypt to a special directory where we ask the certbot tool to store the challenge files. It doesn't always work as expected and needs more testing.
-
Giovanni Tirloni commented
2017-09-03T13:53:52.640-0400 Enabled HTTPS for the following websites:
idrc.ocadu.ca
lists.idrc.ocadu.ca
tts.idrc.ocadu.ca
inclusivedesign.ca
guide.inclusivedesign.ca
hackathon.inclusivedesign.ca
files.inclusivedesign.ca
ci.inclusivedesign.ca
lists.inclusivedesign.ca
pkg.inclusivedesign.ca
airmedia.inclusivedesign.ca
fluidproject.org
build.fluidproject.org
docs.fluidproject.org
forge.fluidproject.org
rsf.fluidproject.org
wiki.fluidproject.org
issues.fluidproject.org
floeproject.org
demo.floeproject.org
handbook.floeproject.org
achecker.ca -
Giovanni Tirloni commented
2017-09-26T19:25:29.946-0400 Enabled docs.fluidproject.org today
-
Giovanni Tirloni commented
2017-09-30T19:17:31.981-0400 Enabled HTTPS for the following additional websites today:
bigidea.one
dev.bigidea.one
sojustrepairit.org
canhack150.ca
docs.fluidproject.org
metadata.floeproject.orgComplete list:
inclusivedesign.ca
airmedia.inclusivedesign.ca
ci.inclusivedesign.ca
files.inclusivedesign.ca
guide.inclusivedesign.ca
hackathon.inclusivedesign.ca
lists.inclusivedesign.ca
pkg.inclusivedesign.ca
www.inclusivedesign.ca
conf.inclusivedesign.caprd-vid01p-tor1.inclusivedesign.ca
prd-vid02p-tor1.inclusivedesign.ca
prd-vid03p-tor1.inclusivedesign.ca
prd-vid04p-tor1.inclusivedesign.ca
prd-vid05p-tor1.inclusivedesign.ca
prd-vid06p-tor1.inclusivedesign.cafluidproject.org
build.fluidproject.org
ci.fluidproject.org
docs.fluidproject.org
forge.fluidproject.org
issues.fluidproject.org
rsf.fluidproject.org
wiki.fluidproject.org
www.fluidproject.orgachecker.ca
www.achecker.caidrc.ocadu.ca
idrc.ocad.ca
lists.idrc.ocadu.ca
lists.idrc.ocad.ca
www.idrc.ocadu.ca
www.idrc.ocad.cafloeproject.org
demo.floeproject.org
handbook.floeproject.org
www.floeproject.org
metadata.floeproject.org
acessibility.floeproject.orgsnow.idrc.ocadu.ca
snow.idrc.ocad.ca
www.snow.idrc.ocadu.ca
www.snow.idrc.ocad.ca
snow-dev.idrc.ocadu.ca
snow-dev.idrc.ocad.ca
snow-dev2.idrc.ocadu.ca
snow-dev2.idrc.ocad.ca
snowvids.idrc.ocadu.ca
snowvids.idrc.ocad.caatutor.snow.idrc.ocadu.ca
atutor.snow.idrc.ocad.casojustrepairit.org
www.sojustrepairit.org
sojustrepairit.ca
www.sojustrepairit.cabigidea.one
www.bigidea.one
dev.bigidea.onecanhack150.ca
www.canhack150.ca -
Giovanni Tirloni commented
2017-09-30T19:18:35.429-0400 @@Colin Clark @@Jonathan Hung @@Michelle D'Souza @@Justin Obara @@Avtar Gill @@Alan Harnum I think I have enabled HTTPS for all the major websites now. I have not enabled it for the domain reservations we have (that only redirect to idrc.ocadu.ca without any content). Any websites you feel are missing from this list?
-
Colin Clark commented
2017-10-03T11:23:40.867-0400 This list looks really good to me! Thanks for doing the work, Gio.