
Don't apply `security.require-https` to intracluster requests
Closed, Public

Authored by epriestley on Apr 13 2016, 1:17 PM.

Details

Summary

Ref T10784. Currently, if you terminate SSL at a load balancer (very common) and use HTTP beyond that, you have to fiddle with this setting in your preamble or a SiteConfig.

On the balance I think this makes stuff much harder to configure without any real security benefit, so don't apply this option to intracluster requests.

Also document a lot of stuff.

Test Plan

Poked around locally, but this is hard to test outside of a production cluster; I'll vet it more thoroughly on secure.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Don't apply `security.require-https` to intracluster requests.
epriestley updated this object.
epriestley edited the test plan for this revision.
epriestley added a reviewer: chad.
chad edited edge metadata.
chad added inline comments.
src/docs/user/cluster/cluster.diviner, line 96:

accessing? or access to?

This revision is now accepted and ready to land. Apr 13 2016, 4:28 PM
epriestley edited edge metadata.
  • Add missing "access to".
This revision was automatically updated to reflect the committed changes.