Similar to issue: https://pagure.io/fedora-infrastructure/issue/8367
Our wiki is moving to a new site: https://389ds.github.io
Please update CNAME for www.port389.org and directory.fedoraproject.org pointing to https://389ds.github.io
Thanks!!
Also please add TXT records for the domain verification
Metadata Update from @phsmoura: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-gain, low-trouble, ops
What are the exact TXT records you'd like us to add?
@vashirov - can you answer this?
Please add _github-pages-challenge-389ds. under port389.org with the value 4928fb87a6a28a05cbad6e49b2a26b. Thanks!
_github-pages-challenge-389ds.
4928fb87a6a28a05cbad6e49b2a26b
And I think CNAME for directory.fedoraproject.org should point to www.port389.org since GitHub pages allows only one domain.
Done.
Let us know if you need anything more.
Metadata Update from @kevin: - Issue assigned to kevin - Issue close_status updated to: Fixed with Explanation - Issue status updated to: Closed (was: Open)
Hey @kevin! Thanks for the changes. www.port389.org seems to be working fine. However directory.fedoraproject.org is not. I see it also points to github:
$ dig directory.fedoraproject.org +nostats +nocomments ; <<>> DiG 9.10.6 <<>> directory.fedoraproject.org +nostats +nocomments ;; global options: +cmd ;directory.fedoraproject.org. IN A directory.fedoraproject.org. 252 IN CNAME www.port389.org. www.port389.org. 53001 IN CNAME 389ds.github.io. 389ds.github.io. 1166 IN A 185.199.109.153 389ds.github.io. 1166 IN A 185.199.108.153 389ds.github.io. 1166 IN A 185.199.111.153 389ds.github.io. 1166 IN A 185.199.110.153
I think we should have only
directory.fedoraproject.org. 252 IN CNAME www.port389.org.
Could you please remove those extra A and CNAME records? Thanks!
We have only:
directory IN CNAME www.port389.org.
I didn't change that.
The CNAME is just being followed right?
Also, there's a report of ssl cert issues:
https://pagure.io/fedora-infrastructure/issue/11355
Hmm, ok. Here's some more information about our setup. So the end goal is to redirect directory.fedoraproject.org to www.port389.org.
www.port389.org is served from GitHub pages, there is CNAME pointing to 389ds.github.io - this works now. directory.fedoraproject.org is pointing to www.port389.org via CNAME, but it fails because GitHub doesn't know about this domain. On top of that there is HSTS and a "wrong" certificate served from GitHub.
port389.org has A records pointing to redirect.redhat.com that redirects to http://www.port389.org
curl port389.org <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="http://www.port389.org/">here</a>.</p> </body></html>
So maybe we can change CNAME for directory.fedoraproject.org to point to apex domain port389.org? This should redirect to www.port389.org eventually.
I don't think that will work. It's working for port389.org I think because redirect.redhat.com has a valid cert for that domain, but it doesn't have one for directory.fedoraproject.org.
I think what we may need to do here is just point directory.fedoraproject.org to our proxies using our *.fedoraproject.org cert, then immediately redirect it to www.port389.org ?
I don't think redirect.redhat.com has certs either, they redirect to plain HTTP URL. Right now we have certs from Let's Encrypt obtained by GitHub, and they are definitely not installed on redirect.redhat.com, but the redirect works.
Let's try that.
ok. In place. It seems to work here, can you confirm?
I can access https://directory.fedoraproject.org without issue now, thanks!
awesome. Sorry for the back and forth...
Login to comment on this ticket.