Obsolete:Secure.wikimedia.org

From Wikitech
(Redirected from Secure.wikimedia.org)
This page contains historical information. It may be outdated or unreliable.
2009

secure.wikimedia.org was an HTTPS proxy to provide TLS-encrypted access to wikis hosted by the Wikimedia Foundation. This stems from a time where the various project domains (Wikipedia, Wiktionary, etc) did not support HTTPS. For example, you could access http://de.wikipedia.org/wiki/Crowdsourcing securely via https://secure.wikimedia.org/wikipedia/de/wiki/Crowdsourcing.

In 2015, the Wikimedia CDN was converted to support HTTPS for all traffic. The old secure.wikimedia.org domain has been replaced with a simple redirect service for the old URL structure.

Original service

secure.wikimedia.org provided HTTPS/SSL secured access to the Wikimedia Foundation wikis, like Wikipedia, Wiktionary, etc.

The service ran on the singer host in the Pmtpa cluster, on Apache 2.2 with an SSL certificate and VirtualHost for secure.wikimedia.org. Hits to this interface were then proxied to the internal load balancer and from there to regular Apaches via apache.pmtpa.wmnet, which serve the backend requests just like unencrypted hits.

Configuration

Frontend

Apache configuration is in /etc/apache2/ Running a custom-compiled Apache 2.2 in /usr/local/apache22

  • Wikis are proxied.
  • A special service IP is used.

Relevant config files...

  • /etc/apache2/sites-available/secure.wikimedia.org on singer
  • wikimedia-ssl-backend.conf on all apaches

Modules proxy and proxy_http should be enabled with command a2enmod.

Proxy defs:

<Proxy *>
    Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /otrs !
ProxyPass /otrs-2.1.3 !
ProxyPass /otrs-web !
ProxyPass / http://apaches.pmtpa.wmnet/
ProxyVia On

Backend

For wikis, the frontend proxies to the general Apache servers in PMTPA. These hit a VHOST configured by wikimedia-ssl-backend.conf which does a rewrite match on the funny directories and sets an environment variable used by CommonSettings.php to decode the correct host.

Root page

The index page at https://secure.wikimedia.org/ was be editable on Meta-Wiki, served using mod_rewrite and extract2.php.

Further reading