Jump to content


From Wikitech

Using payments1004 for integration tests

payments1004 is a depooled production payments server. It is a good place to do a "live test".


To access it with a web browser you must tunnel to port 443 over ssh. The annoying part is it is a privileged port so it has to be done as root. The magic incantation is:

   sudo ssh -o ProxyCommand='ssh -i /path/to/ssh/key -W %h:%p user@frbast.wikimedia.org' -L 443:localhost:443 user@payments1004

You will have to provide the ssh key passphrase and two yubikey presses, or you can use -i in the outer command to use key based auth locally on payments1004. Now you have an interactive shell on the server and the tunnel will be open until you log out. You could also do -N (no remote shell) and -f (background ssh process) to leave the tunnel open indefinitely.

While it is possible to use an unprivileged port and change the urls, anything hard-coded breaks, e.g. payment process return urls.

Override DNS

Caution: Editing /etc/hosts undermines network security in a basic way and can be dangerous, especially if you forget something has been changed in there. Remember to reset it when you're done.

To make your laptop (on the fwd'd port) answer to the name payments.wikimedia.org, add this line to /etc/hosts: payments.wikimedia.org

Now visit payments and your traffic should be hitting 1004. You can confirm the right thing is happening by checking the web logs for the appropriate payment gateway on the log server.