Project

General

Profile

Feature #22579

Support https URLs

Added by Marco Mambelli 3 months ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
Category:
-
Target version:
Start date:
05/10/2019
Due date:
% Done:

0%

Estimated time:
Stakeholders:

Fermilab

Duration:

Description

As requested by Fermilab, Frontend and Factory should support also https for the staging and monitoring pages

This means that:
- Apache configuration should be changed accordingly
- Should be possible to keep http for sites that desire so
- Should be verified that the glideins reliability is not reduced (they should be able to connect also from workernodes that have no public IP, host certificate or CA certs directory)
- An option could be added to fail in case the server cannot be identified properly (the possibility to use only the checksums should remain)

History

#1 Updated by Marco Mambelli about 1 month ago

Even if small in sizes, the files from the Factory and Frontend are downloaded by thousands of glideins. They rely heavily on HTTP Proxies. Https would increase the load on the server and the latency for all jobs. We found no way to cache the files with https. Proxies are considered to be Man In The Middle attacker.

Only the monitoring pages should be moved to https.
Https should be enabled and the http requests for the monitoring area should be redirected to https.

An exemption should be requested for the staging area

#2 Updated by Marco Mambelli about 1 month ago

  • Assignee set to Dennis Box


Also available in: Atom PDF