Closed Bug 1445702 Opened 7 years ago Closed 3 years ago

http://releases.mozilla.org/ must redirect to https://releases.mozilla.org/

Categories

(Cloud Services :: Operations: Product Delivery, task, P5)

Product:
Cloud Services
Component:
Operations: Product Delivery
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1431892

People

(Reporter: jan, Unassigned)

References

(
URL
)

Details

(Keywords: nightly-community)

No description provided.
cloud-services owns releases.mo, so we'll see if we can figure out what's what.
Component: Infrastructure: AWS → Operations: Product Delivery
Product: Infrastructure & Operations → Cloud Services
QA Contact: cshields → oremj
:catlee - Can we redirect HTTP to HTTPS for releases.mozilla.org or is it going to break the build multiverse?
Flags: needinfo?(catlee)
releases.m.o is definitely not used for updates or for initial downloads. AFAICT it's safe to set up a redirect.
Flags: needinfo?(catlee)
Do you have an hour to move forward on this? <3 Thank you.
Setting up a redirect on that distribution will also redirect the following domains: ftp.prod.mozaws.net archive.mozilla.org releases.mozilla.org china-sync.mozilla.org ftp-ssl.mozilla.org stage.mozilla.org stage-rsync.mozilla.org ftp-cluster.mozilla.org ftp-test.mozilla.org ftp.mozilla.org ftp.eu.mozilla.org releases.mozilla.com :catlee, is that okay?
Flags: needinfo?(catlee)
I think so. Nick, what do you think?
Flags: needinfo?(catlee) → needinfo?(nthomas)
tl;dr - very likely no problem for RelEng. Any affect on the CDN origin servers ? Longer: We've deprecated some of these domains (no longer resolve in DNS) and the reduced list is: ftp.prod.mozaws.net archive.mozilla.org releases.mozilla.org ftp-ssl.mozilla.org ftp.mozilla.org ftp.eu.mozilla.org releases.mozilla.com I've not seen ftp.prod.mozaws.net before so can't really comment on that, or on ftp.eu.mozilla.org. releases.mozilla.com no longer does what it used to, and is now a CNAME for archive.m.o; we may be able to just remove it. ftp-ssl.mozilla.org is probably obsolete too. From a Release Engineering perspective we mostly use https://archive.m.o and should be OK. Within the release automation, funsize used http://archive.mozilla.org in 61.0b8, but uses https for nightlies. We use aiohttp for downloading and it defaults to following redirects. I can't find any references in the taskcluster graphs for m-c push and nightly for http://, although this doesn't preclude things hardwired in scripts. Apart from that it's hard to say with confidence if anything will break, as there are a lot of scrapers and scripts out there. Forcing use of https seems like a net good result.
Flags: needinfo?(nthomas)

One year has passed since approval.
In the meantime, decision has been made that TLS 1.0 and TLS 1.1 will be disabled in Nightly 72 or 73 in 5-7 months and ride the trains.
Could you try to make this change? Thank you.

Flags: needinfo?(oremj)

Julien, any idea who should make the final decision here. It would effectively prevent anyone from downloading Firefox without SSL.

Flags: needinfo?(oremj) → needinfo?(jvehent)

We still need to wait for bug 1444399 to perform the analysis.

Depends on: 1444399
Flags: needinfo?(jvehent)
Assignee: nobody → oremj
Assignee: oremj → nobody
Priority: -- → P5
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
See Also: https://bugzilla.mozilla.org/show_bug.cgi?id=1431892
You need to log in before you can comment on or make changes to this bug.