NOTE: First you need shell access in production to get to the server that hosts
people.wikimedia.org. Do that first.
How to upload files
Use scp and ProxyCommand in to copy files via a bastion host to your home directory on people.eqiad.wmnet. (people.eqiad.wmnet is a CNAME for currently people1001.eqiad.wmnet and previously rutherfordium.eqiad.wmnet).
Put files into a directory called "public_html". If that doesn't exist yet, create it with mkdir.
How To add SSO Authentication
sites on people.wikimedia.org can be configuered to use the SSO service to authenticate users to there site via .htaccess files. for example
allow any authenticated users
AuthType CAS Require valid-user
Allow all members of the NDA group
AuthType CAS Require cas-attribute memberOf:cn=nda,ou=groups,dc=wikimedia,dc=org
Allow only a specific user
AuthType CAS Require user jbond
Allow only users who have authenticated with u2f
AuthType CAS Require cas-attribute successfulAuthenticationHandlers:U2FAuthenticationHandler
Who has access
If you are a member of any admin group that gets shell access, you also have a user on people1001. Access is automatically granted to the "all users" group. You can also ssh to the CNAME people.eqiad.wmnet to avoid having to remember a number that might change in the future.
Backend upgrade November 2018
On November 29, 2018 the backend switched from rutherfordium on Debian jessie to a new machine people1001 on Debian stretch. The DNS CNAME people.eqiad.wmnet can be used as before and has been switched over. Just expect the new fingerprints.
All files in home directories have been rsynced over.
How to test changes
rzl@deploy1001:~$ cat people.yaml https://people.wikimedia.org: - path: /~rzl/ assert_status: 200 assert_body_contains: "👋" rzl@deploy1001:~$ httpbb /home/rzl/people.yaml --hosts people1001.eqiad.wmnet Sending to people.wikimedia.org... PASS: 1 request sent to people.wikimedia.org. All assertions passed.