Using payments1004 for integration tests
payments1004 is a depooled production payments server. It is a good place to do a "live test".
To access it with a web browser you must tunnel to port 443 over ssh. The annoying part is it is a privileged port so it has to be done as root. The magic incantation is:
sudo ssh -o ProxyCommand='ssh -i /path/to/ssh/key -W %h:%p firstname.lastname@example.org' -L 443:localhost:443 user@payments1004
You will have to provide the ssh key passphrase and two yubikey presses, or you can use -i in the outer command to use key based auth locally on payments1004. Now you have an interactive shell on the server and the tunnel will be open until you log out. You could also do -N (no remote shell) and -f (background ssh process) to leave the tunnel open indefinitely.
While it is possible to use an unprivileged port and change the urls, anything hard-coded breaks, e.g. payment process return urls.
|Caution:||Editing /etc/hosts undermines network security in a basic way and can be dangerous, especially if you forget something has been changed in there. Remember to reset it when you're done.|
To make your laptop (on the fwd'd port) answer to the name payments.wikimedia.org, add this line to /etc/hosts:
Now visit payments and your traffic should be hitting 1004. You can confirm the right thing is happening by checking the web logs for the appropriate payment gateway on the log server.