Add SSL to resources.ovirt.org
Activity
Former user May 25, 2018 at 2:49 PM
Patch was merged today due to HSTS being enabled on the domain again. There is also an issue with plain.resources display but I'll work on that in a separate ticket https://ovirt-jira.atlassian.net/browse/OVIRT-2057#icft=OVIRT-2057
Former user May 23, 2018 at 12:34 PM
Patch submitted for review. Need to verify it on a test system before setting +v.
Anton Marchukov May 10, 2018 at 8:36 AM
Please note that Duck does not want to fix that HSTS setting just for ovirt.org (see linked issue). So we need to enable SSL sooner and on all our domains. This is also in line with the industry trend of "encryption by default".
Anton Marchukov May 9, 2018 at 9:44 AM
Please note that ovirt.org accidentally got an HSTS setting with includeSubDomains [1], and thus an unknown number of users got an https requirement cached for the full *.ovirt.org zone. This might raise the priority of this. However, we removed the subdomain setting and sent info to the users and devel on how to clear the browser cache.
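An added example (not part of the ticket or of the oVirt project's code) that models a browser's HSTS cache as specified in RFC 6797, to show why clients keep requiring https for resources.ovirt.org after the server stops sending includeSubDomains. The max-age value and the timestamps are constructed assumptions; the ticket does not state them.

```python
class HSTSStore:
    """Minimal model of a browser's known-HSTS-host cache (RFC 6797)."""
    def __init__(self):
        self.policies = {}  # host -> (expiry time, includeSubDomains flag)

    def note_header(self, host, header, now):
        """Process a Strict-Transport-Security header received over HTTPS."""
        max_age, include_sub = None, False
        for directive in header.split(";"):
            name, _, value = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age":
                value = value.strip().strip('"')
                if not value.isdigit():
                    return  # malformed max-age: ignore the whole header
                max_age = int(value)
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return  # max-age is mandatory
        host = host.lower().rstrip(".")
        if max_age == 0:
            self.policies.pop(host, None)  # max-age=0 deletes the policy
        else:
            self.policies[host] = (now + max_age, include_sub)

    def requires_https(self, host, now):
        """True if the host, or a parent with includeSubDomains, is cached."""
        labels = host.lower().rstrip(".").split(".")
        for i in range(len(labels)):
            policy = self.policies.get(".".join(labels[i:]))
            if policy and policy[0] > now and (i == 0 or policy[1]):
                return True
        return False

def demo():
    day = 86400
    ua = HSTSStore()
    # Constructed header: the apex briefly served includeSubDomains.
    ua.note_header("ovirt.org", "max-age=31536000; includeSubDomains", 0)
    cached = ua.requires_https("resources.ovirt.org", 1 * day)
    # Server config is fixed, but this client has not revisited the apex.
    stale = ua.requires_https("resources.ovirt.org", 30 * day)
    # Client loads https://ovirt.org again and receives the corrected header.
    ua.note_header("ovirt.org", "max-age=31536000", 30 * day)
    refreshed = ua.requires_https("resources.ovirt.org", 31 * day)
    apex = ua.requires_https("ovirt.org", 31 * day)
    return cached, stale, refreshed, apex

if __name__ == "__main__":
    print(demo())
```

A client that never returns to the apex over HTTPS keeps the subdomain requirement until max-age expires or its cache is cleared, so serving a valid certificate on the subdomains is the fix that works for every client.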
Former user June 27, 2017 at 12:26 PM
Puppet manages HTTPD using this manifest:
https://gerrit.ovirt.org/gitweb?p=infra-puppet.git;a=blob;f=site/ovirt_resources/manifests/apache.pp;h=0ed489fa995482ad18a0aba49224ecbcd537c1c0;hb=refs/heads/production#l48
Adding another VHost should solve this. We can probably find an upstream module for letsencrypt to not have to generate certificates manually.
This was already requested in the past, not sure why we didn't follow up. We need to allow users to D/L packages without fear of MITM attacks.
Package signing can help a little, but not everything is signed. (ISOs are not signed, for example...)