Secure.wikimedia.org

From Wikitech
Jump to: navigation, search

Services are serviced at this address:

  • SSL secured access to WMF projects like wikipedia, wiktionary, etc

Wiki proxying

singer runs Apache 2.2, with an SSL interface for secure.wikimedia.org. Hits to this interface are proxied to the internal load balancer for our Apaches, on apache.pmtpa.wmnet, which serve the backend requests just like unencrypted hits.

Configuration

Frontend

Apache configuration is in /etc/apache2/ Running a custom-compiled Apache 2.2 in /usr/local/apache22

  • Wikis are proxied.
  • A special service IP is used.

Relevant config files...

  • /etc/apache2/sites-available/secure.wikimedia.org on singer
  • wikimedia-ssl-backend.conf on all apaches

Modules proxy and proxy_http should be enabled with command a2enmod.

Proxy defs:

<Proxy *>
    Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /otrs !
ProxyPass /otrs-2.1.3 !
ProxyPass /otrs-web !
ProxyPass / http://apaches.pmtpa.wmnet/
ProxyVia On

Backend

For wikis, the frontend proxies to the general Apache servers in PMTPA. These hit a VHOST configured by wikimedia-ssl-backend.conf which does a rewrite match on the funny directories and sets an environment variable used by CommonSettings.php to decode the correct host.

Root page

The root page https://secure.wikimedia.org/ can be edited on meta. mod_rewrite and extract2.php are being used to display that page.