Modularize Aphront "sites"
ClosedPublic
Actions

Authored by epriestley on Jun 29 2015, 7:53 PM.

Details

Reviewers

btrahan

Maniphest Tasks

T5702: Make Aphront "virtual hosts"/sites modular

Commits

Restricted Diffusion Commit
rP6b7183a76232: Modularize Aphront "sites"

Summary

Fixes T5702. The path here is long and windy:

I want to move blog.phacility.com to the new secure host.
That host has security.require-https set, which I want to keep set (before, this was handled in a sort of hacky way at the nginx/preamble level, but I've cleaned up everything else now).
Currently, that setting forces blogs to HTTPS too, which won't work.
To let blogs be individually configurable, we need to either modularize site config or make things hackier.
Modularize rather than increasing hackiness.
Also add a little "modules" panel in Config. See T6859. This feels like a reasonable middle ground between putting this stuff in Applications and burying it in bin/somewhere.

Test Plan

Visited normal site.
Visited phame on-domain site.
Visited phame off-domain site.
Viewed static resources.

Screen Shot 2015-06-29 at 12.48.29 PM.png (949×1 px, 153 KB)

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 32606.Jun 29 2015, 7:53 PM

epriestley retitled this revision from to Modularize Aphront "sites".

epriestley updated this object.

epriestley edited the test plan for this revision. (Show Details)

epriestley added a reviewer: btrahan.

epriestley added a task: T5702: Make Aphront "virtual hosts"/sites modular.

Herald added a subscriber: epriestley. · View Herald TranscriptJun 29 2015, 7:53 PM

Specifically, intent here is:

Next diff adds a "HTTP + HTTPS" / "Require HTTPS" / "Use Default" preference to blogs.
We set "HTTP + HTTPS" on blog.phacility.com (no HTTPS requests can ever hit it, so the HTTPS part is moot).
Then I can move it to this host.

Although really maybe I'll just do T8706 now instead, and then the whole thing can just be HTTPS. This is still desirable in either case.

Although really maybe I'll just do T8706 now instead

Actually, this makes a much bigger mess with letting custom blog domains through PhacilitySiteConfig that I don't particularly want to deal with, so scratch that.

New revised plan is to just stop requiring HTTPS on blogs on external domains. They have to be public anyway. If you really want them to be HTTPS-only, it's relatively easy to configure that yourself.