Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Re-enable HTTP/2 #256

Merged
Merged

Conversation

@nottrobin
Copy link
Member

nottrobin commented Oct 4, 2019

The have to wait for Nginx v1.16.1, which fixes the DoS vulnerabilities.

Nginx v1.16.1 should be live once RT #121713 is resolved.

QA

./qa-deploy --production snapcraft.io
curl -I --insecure -H 'Host: snapcraft.io' https://127.0.0.1

Check it's HTTP/2.

@nottrobin nottrobin force-pushed the nottrobin:reenable-http2 branch from 7bc4108 to 5fa7645 Oct 7, 2019
@nottrobin

This comment has been minimized.

Copy link
Member Author

nottrobin commented Oct 7, 2019

Jay has updated our nginx ingress controller for RT #121713, and now the sites are running on openresty 1.15.8.2, which should include the relevant security patches. So this change should be good to go.

$ curl -I https://snapcraft.io
HTTP/1.1 200 OK
Server: openresty/1.15.8.2
$ curl -I https://ubuntu.com
HTTP/1.1 200 OK
Server: openresty/1.15.8.2
@nottrobin nottrobin removed the Blocked ⛔ label Oct 7, 2019
@tbille tbille self-assigned this Oct 7, 2019
@tbille
tbille approved these changes Oct 7, 2019
Copy link
Member

tbille left a comment

LGTM

@nottrobin nottrobin merged commit a048f20 into canonical-web-and-design:master Oct 7, 2019
1 check passed
1 check passed
WIP Ready for review
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.