Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Add SSL to jenkins.ovirt.org

Description

We probably need SSL for 'jenkins.ovirt.org'. That server has privileges on most stuff that is running in PHX, so better not have passwords to it be exposed to MITM attacks...

Activity

Show:

Marc Dequènes (Duck) May 31, 2018 at 4:36 AM

X-Frame-Options and X-Content-Type-Options too

Marc Dequènes (Duck) May 31, 2018 at 4:33 AM

Yes, we need the redirect and HTSH settings too.

Former user May 22, 2018 at 11:48 PM

SSL patch merged and applied during the patching window: https://jenkins.ovirt.org/

We can now verify that everything works and convert the HTTP vhost to an HTTPS redirect

Former user May 15, 2018 at 5:00 PM

I've updated the patch to inherit domain names form Hiera and will need to re-test this on a fresh system (staging Jenkins already has certificates so it may behave differently). Will report once that's done so that we can merge the existing patch and get this resolved.

Anton Marchukov May 10, 2018 at 8:36 AM

Please note that Duck does not want to fix that HSTS setting just for ovirt.org (see linked issue). So we need to enable SSL sooner and on all our domains. This is also in line with industry trend of "encryption by default".

Done

Details

Assignee

Reporter

Blocked By

Components

Priority

Parent

Created June 22, 2017 at 8:32 AM
Updated June 5, 2018 at 3:03 PM
Resolved May 22, 2018 at 11:48 PM