This has been done

And it is not fixed.. you can't just make a CNAME or an A dns entry as HSTS wants the certificate to match the dns name which it doesn't.

OK so we can't just make a CNAME change to make this work. The HTTPS certificates are only for *.app.os.fedorainfracloud.org and trying to go to testdays to that without a proxy doing a redirect isn't possible.

Hmm, okay, having testdays.fedoraproject.org is not critical for us... more like nice to have.

testdays.fedorainfracloud.org works now, that's the only time sensitive thing. I'll setup another pod with redirect once I have some free cycles and create a new ticket for that.

Thanks, you can close this one if you want!

So I put in to our proxy system to get testdays.fedoraproject.org (and the original testdays.qa.fedoraproject.org ) to work. If you go to testdays.fedoraproject.org it will redirect you to https://testdays-testdays.apps.os.fedorainfracloud.org/ which looks like it is not running.

So I put in to our proxy system to get testdays.fedoraproject.org (and the original testdays.qa.fedoraproject.org ) to work. If you go to testdays.fedoraproject.org it will redirect you to https://testdays-testdays.apps.os.fedorainfracloud.org/ which looks like it is not running.

Yeah, it's up on http only for now. But that'll do, I'll need to figure out OpenShift/LetsEncrypt :)

Thanks!

Thinking about it... I might want to use some fedoraproject.org wildcart cert, I'll ping somebody on IRC on Wednesday if I won't be able to make it work :)

The wildcard cert has to be fairly locked down and I don't think we would allow it in communishift.

communnnishift has cert-manager operator installed and can issues certs in the fedorainfracloud.org domain.

See:

https://infrastructure.fedoraproject.org/cgit/ansible.git/tree/files/communishift/objects/cert_apps.yml

https://cert-manager.io/docs/usage/certificate/

So, in theory you should be able to setup a route for testdays.fedorainfracloud.org and then request a cert for it.