Bug 227005 - Redirect tinderbox CNAME
Summary: Redirect tinderbox CNAME
Status: Closed FIXED
Alias: None
Product: Services
Classification: Unclassified
Component: Testing & CI (show other bugs)
Version: unspecified
Hardware: Any Any
: --- Affects Only Me
Assignee: Li-Wen Hsu
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-27 17:41 UTC by John Baldwin
Modified: 2020-10-26 01:40 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Baldwin freebsd_committer freebsd_triage 2018-03-27 17:41:10 UTC
tinderbox.freebsd.org at this point is quite stale (last build is from 2014) but it is still the first hit in Google for "freebsd tinderbox".  While the Jenkins tinderbox may not fully replicate the old one, it is at least doing builds, so I think we should redirect tinderbox.freebsd.org to ci.freebsd.org/tinderbox
Comment 1 Ed Maste freebsd_committer 2018-06-21 12:41:30 UTC
http://tinderbox.freebsd.org now redirects to https://ci.freebsd.org/tinderbox

although https://tinderbox.freebsd.org does not work: "tinderbox.freebsd.org uses an invalid security certificate. The certificate is only valid for web1.nyi.freebsd.org"
Comment 2 Li-Wen Hsu freebsd_committer 2018-06-21 18:45:18 UTC
Need clusteradm to configure web1.nyi.freebsd.org.
Comment 3 Sean Bruno freebsd_committer 2018-06-21 18:54:50 UTC
(In reply to Li-Wen Hsu from comment #2)
When I access tinderbox.f.o it goes to ci.freebsd.org/tinderbox.

What else needs to be done here?
Comment 4 Ed Maste freebsd_committer 2018-06-21 19:02:48 UTC
(In reply to Sean Bruno from comment #3)
Did you try https://?
http:// works for me, https:// gives me a cert error.
Comment 5 Li-Wen Hsu freebsd_committer 2018-06-21 19:08:51 UTC
I think we should let web1.nyi.freebsd.org use correct certification.

```
$ curl -v https://tinderbox.freebsd.org
* Rebuilt URL to: https://tinderbox.freebsd.org/
*   Trying 2610:1c1:1:607c::50:2...
* TCP_NODELAY set
* Connected to tinderbox.freebsd.org (2610:1c1:1:607c::50:2) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=web1.nyi.freebsd.org
*  start date: May  1 20:29:56 2018 GMT
*  expire date: Jul 30 20:29:56 2018 GMT
*  subjectAltName does not match tinderbox.freebsd.org
* SSL: no alternative certificate subject name matches target host name 'tinderbox.freebsd.org'
* stopped the pause stream!
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'tinderbox.freebsd.org'
```
Comment 6 Sean Bruno freebsd_committer 2018-06-21 19:09:36 UTC
(In reply to Li-Wen Hsu from comment #5)
Oh, well that's different than the ticket description.  :-)

ok, let me get a cert or whatever nonsense is required here.
Comment 7 Li-Wen Hsu freebsd_committer 2020-10-26 01:40:14 UTC
https://tinderbox.freebsd.org works now.