by a shift to https without chaning the old links to https? Example https://tracker.moodle.org/browse/MDL-34252.
Tracker shifted to https orphaning http links?
Number of replies: 9
I started getting tons of "service unavailble" in the tracker. Could that be caused
by a shift to https without chaning the old links to https? Example https://tracker.moodle.org/browse/MDL-34252.
by a shift to https without chaning the old links to https? Example https://tracker.moodle.org/browse/MDL-34252.
Re: Tracker shifted to https orphaning http links?
Visvanath I think you might be onto something there!
Re: Tracker shifted to https orphaning http links?
I would venture that it might be easier to set up a redirection for http calls.
Re: Tracker shifted to https orphaning http links?
Thanks Visvanath, I have created an issue for it: MDLSITE-2066.
Re: Tracker shifted to https orphaning http links?
I was mislead first by the full error messages "The site is either down or undergoing maintenance" (from memory) which reminded me of the "wrong internet". In fact, I wondered into the wrong internet and saw (heard?) "tweets" like those in the attachment. (Sorry for the tiny pic, the 50 kB limit forced me to scale the pic a couple of times. The third message says, "Oh no, tracker.moodle.org is down".)
;-(
Once I got "JIRA startup failed" and intermittently some tracker items appeared I looked carefully.
Before talking of solutions my dumb question is, what is the purpose of "secure" connections to a public site? OK, credentials of the developers should not be compromised, but then you can have HTTPS for logins. There is no chance of sabotaging the code because it is in git.moodle.org. Even without that thanks to the distributed model there is no central code base to attack! (Remember the lessen learned in kernel.org?)
I had the same thought when moodle.org went HTTPS. I don't want to ignite a big security discussion. None of my business anyway, but (for me) there is alway something to learn.
;-(
Once I got "JIRA startup failed" and intermittently some tracker items appeared I looked carefully.
Before talking of solutions my dumb question is, what is the purpose of "secure" connections to a public site? OK, credentials of the developers should not be compromised, but then you can have HTTPS for logins. There is no chance of sabotaging the code because it is in git.moodle.org. Even without that thanks to the distributed model there is no central code base to attack! (Remember the lessen learned in kernel.org?)
I had the same thought when moodle.org went HTTPS. I don't want to ignite a big security discussion. None of my business anyway, but (for me) there is alway something to learn.
Re: Tracker shifted to https orphaning http links?
Hi All,
AFAIK Tracker has been update to the major version, 4 > 5: quick evidence from the (new) layout and from the footer (v5.2.2).
Probably a required (and planned) step in the HQ Tools roadmap, even for https://tracker.moodle.org/browse/MDLSITE-1201?focusedCommentId=186358&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-186358.
Matteo
Re: Tracker shifted to https orphaning http links?
As per my comment on the tracker ticket, I have now setup http to https rewrites. Tracker was upgraded recently, and had a couple of config issues which should now hopefully be resolved.
- Matt
Re: Tracker shifted to https orphaning http links?
Thanks very much for this - will this also fix this error message I am seeing with the activity stream?
Re: Tracker shifted to https orphaning http links?
(Don't want to drift off topic, but..)
Before talking of solutions my dumb question is, what is the purpose of "secure" connections to a public site? OK, credentials of the developers should not be compromised, but then you can have HTTPS for logins
That doesn't prevent session hijacking. Not to say that this is keeping me awake a night, but if you are going to do SSL then you may as well do it properly.
There are some aspects of the tracker which are not public. e.g discussing Moodle security issues before they are fixed. So I wouldn't necessarily agree with your summation of it being a public site.
And, why not? HTTPS does prevent intermediate proxies from caching resources and people like to talk about the CPU overhead of decrypting communications, but in todays world I do not think these are top of performance problems. Which is why Google, Facebook, GMail etc now use SSL by default.
Re: Tracker shifted to https orphaning http links?
[sarcasm on]
High security
That is one great thing about security. You can't enter your own house, but you are grateful that your secrets are safe too. https://tracker.moodle.org/browse/MDLSITE-1812.
[sarcasm off]
High security
That is one great thing about security. You can't enter your own house, but you are grateful that your secrets are safe too. https://tracker.moodle.org/browse/MDLSITE-1812.
[sarcasm off]