einsteintoolkit / tickets / issues / #1224 - new image in trac wiki lets browsers again report the trac page as insecure — Bitbucket

Issue #1224 closed

Frank Löffler created an issue 2013-01-17

Since the addition of the image http://build.barrywardell.net:8080/job/EinsteinToolkit/badge/icon to the trac wiki the page reports as being insecure (at least in parts) since not all content is using ssl. It would be nice to be able to get to that image using https or otherwise work around this issue.

Keyword:

Comments (6)

Barry Wardell
- removed comment
I don't think SSL is currently available on that machine. In principal we could enable it. Ian, do you know what is required to get Jenkins to use SSL?
- 2013-01-18T07:57:47+00:00
Ian Hinder
- removed comment
We would need an SSL certificate for build.barrywardell.net, and to add an SSL wrapper. The SSL wrapper could, for example, be an Apache reverse proxy configured on build, or something more lightweight like stunnel. But the blocker at the moment is not having an SSL certificate for that machine. Come to think of it, it would be good to have SSL on this machine. It's a VM, so security is not so important, but it would be annoying if it was hacked.

Are we sure that linking to an off-site SSL-served image will not lead to a similar browser warning? It's the off-site bit I'm concerned about. From reading around on the internet, my impression is that we would be fine, but I wonder if someone else knows better.

I have commented out the build status image on the TRAC homepage, so that the page is considered secure again by browsers. Apologies for not noticing this issue!
- 2013-01-18T09:52:32+00:00
Barry Wardell
- removed comment
Getting an SSL certificate for build.barrywardell.net is straightforward. I can take care of getting it if someone else figures out what to do with it.
- 2013-01-18T09:58:33+00:00
Ian Hinder
- removed comment
Teamwork! Barry has obtained an SSL certificate, and I have installed it on build and set up an stunnel wrapper to provide https. The new URL for the jenkins installation is https://build.barrywardell.net which should be accepted by all major browsers. We still accept unencrypted connections on port 80 and 8080, but we might disable that at some point. I have added the link back on the trac main page via the https URL, and the page now registers in Safari as secure.
- 2013-01-18T12:54:27+00:00
Ian Hinder
- changed status to resolved
- removed comment
- 2013-01-18T12:55:26+00:00
Roland Haas
- edited description
- changed status to closed
- 2019-02-21T20:08:51+00:00
Log in to comment

Assignee: Ian Hinder

Type: bug

Priority: minor

Status: closed

Component: Server Infrastructure

Milestone: ET_2013_05

Version: development version

Votes: 0

Watchers: 0

Jira Software: the preferred issue tracker for Bitbucket. Join the team!