@sjrd
Member

@sjrd sjrd commented Sep 29, 2014

As an alternative to #239

@sjrd
Member Author

sjrd commented Sep 29, 2014

I had to use http instead of https, though. Couldn't find what, on our server, allows the Training and Events feeds to be served on https, but would redirect community-tickets to /.
@fsalvi any idea?

@sjrd
Member Author

sjrd commented Sep 29, 2014

Review by @retronym, @huitseeker

@retronym
Member

LGTM. Perhaps you could add a comment by the url to mention how/where the proxy is currently configured.

@sjrd
Member Author

sjrd commented Sep 29, 2014

> Perhaps you could add a comment by the url to mention how/where the proxy is currently configured

I sure can, but it's a bit redundant: it's on scala-lang.org:~/local/cgi-bin, just like the rest of the Website files. Nothing special about this location compared to all the other locations.

@retronym
Member

Okay, that PR comment is enough for me.

sjrd added a commit that referenced this pull request Sep 29, 2014
Fix #209: use a proxy to access community tickets data.
@sjrd sjrd merged commit 63f93c2 into scala:master Sep 29, 2014
@sjrd sjrd deleted the fix-community-tickets branch September 29, 2014 11:49
@heathermiller
Member

@sjrd one question – who has access to ~/local/cgi-bin? I.e., which machine is it on, and who has credentials? As far as I know, just you and Chris have access. Is there some (private) place that we can document this?

@sjrd
Member Author

sjrd commented Sep 29, 2014

Ping is your friend:

$ ping scala-lang.org
PING scala-lang.org (128.178.154.159) 56(84) bytes of data.
64 bytes from lampsrv1.epfl.ch (128.178.154.159): icmp_req=1 ttl=64 time=1.06 ms

Access is given by Fabien through ssh keys. He would know who else has access; I have no idea.

@heathermiller
Member

Right. I was more asking for the name of the machine at EPFL. But fine, I'll ask Fabien... Thanks...

@sjrd
Member Author

sjrd commented Sep 29, 2014

> I was more asking for the name of the machine at EPFL.

It's in the ping output: lampsrv1.

@heathermiller
Member

Yes. I could see that. I didn't ask for help reading.

@heathermiller
Member

On second thought – I side now with Jason's original sentiment. No one other than @sjrd has access to a number of features of the website, and, correspondingly, access to how it's all configured.

So lots of stuff, community tickets, hall of fame, twitter feed... Much of this is either broken or could be greatly improved but no one can really touch it.

For example, I'd have liked to have fixed how tweets are displayed on the front page now for more than a year.

Is there some way we can take some of this stuff out from cgi-bin, factor out the sensitive info, but put it somewhere where more than just one or two people have access to it?

@fsalvi
Contributor

fsalvi commented Sep 29, 2014

@sjrd Are you sure your shell script is not vulnerable to code injection?

@fsalvi
Contributor

fsalvi commented Sep 29, 2014

@heathermiller Your ssh key is already on the server, you can access it...

@heathermiller
Member

Thanks @fsalvi for the input (I actually couldn't seem to ssh into lampsrv1, I'll email you about that in private).

I'll clarify and re-ask my question. There are a number of php scripts (etc) responsible for stuff like the twitter feed, etc, on lampsrv1. I am asking if it's possible to put those in a repository somewhere (with sensitive bits of information factored out of them) so that more than just one or two people can fix/improve them. I'm asking this without actually having been able to look at the scripts. So, @sjrd, you'd be able to comment on whether or not this is reasonable to do.

@heathermiller
Member

By "repository" I mean likely a public or private github repository. And perhaps the scripts still remaining in cgi-bin can pull from the repo when they run.


4 participants