I want to deploy https for the main website: www.roundup-tracker.org
(aka roundup.sourceforge.net). Ideally the http endpoints will
redirect to https.

The main docs are:
  
   https://sourceforge.net/p/forge/documentation/Convert%20your%20website%20to%20HTTPS/

It says it also upgrades php. AFAIK we don't use php so we don't care.

On the admin page (https://sourceforge.net/p/roundup/admin/ext/https/) it references
custom vhost docs with:

   Your virtual hosts (www.roundup-tracker.org, etc) can be upgraded
   to PHP 7.x if you change the DNS records to point to
   216.105.38.11 or for subdomains CNAME vhost2.sourceforge.net.
   They will continue to be served over HTTP. Custom VHost
   documentation.

I have checked the VHost docs (https://sourceforge.net/p/roundup/admin/ext/vhost/)
and there is a notice:

  Your VHOST domains will not work with HTTPS.

Hmph. I don't see a way to create a redirect page from the vhost domain to the https
domain since the http and https endpoints are the same directory on disk.

So this may mean we need to use:

  https://roundup.sourceforge.io

as our main url if we want https.

Also I have removed the wiki.roundup-tracker.org name from the alias table. The only
two aliases left are roundup-tracker.org and www.roundup-tracker.org.

Quips, comments, evasions, questions or answers?

-- rouilj

Hi John,

from my perspective we should not change the main url lightly.
(Unless we think about changing the name roundup to something less
associated with the herbicide anyway.)

And we do not want our main URL to contain "sourceforge" IMO.

It seems understandable that sourceforge cannot provide
TLS certificates easily for toplevel domains they do not fully control.
So it would need to be us that provides the TLS cert (should be possibly via Let's encrypt somehow).

https://sourceforge.net/p/forge/documentation/Custom%20VHOSTs/
does not list TLS or certificates or HTTPS. Maybe it is worth a question
to SF.

Or we should consider moving the hosting place. :/

Opened: https://sourceforge.net/p/forge/site-support/21104/

I got a response. I am requesting verification that
we can make these changes without downtime.

It looks like we need to move:

  www.roundup-tracker.org to roundup.sourceforge.io

and the apex record:

  roundup-tracker.org to 216.105.38.11

From my testing (added new ip to hosts file), it looks like http
is available at that site, so it should be doable without any
down time.

Who has the credentials to do that?

Richard?

Once this is done they can request ssl certs and we can migrate 
referring url's to https.

-- rouilj

Good you have asked. :)

Heard from Richard today. He is in crunch mode for a presentation
this weekend. So this change can occur later next week at the earliest.

tw at waldmann-edv.de has done the following DNS changes:

from:

  roundup-tracker.org.    600     IN      A       216.105.38.10
  www.roundup-tracker.org. 600    IN      CNAME   vhost.sourceforge.net.

to:

  roundup-tracker.org.    600     IN      A       216.105.38.11
  www.roundup-tracker.org. 600    IN      CNAME   roundup.sourceforge.io


he also changed:

  *.roundup-tracker.org to point to 216.105.38.11

I have updated the sourceforge ticket asking them to install certs.

Https is enabled. We are running both http and https at this point.

AFAICT the web site under both names (https://www... and just
https://roundup-tracker.org) are working fine. Internal links are 
redirecting to the same base site.

Does anybody want to take a look and in about 16 hours, I'll ask
them to make it all https (http redirects to https I assume)
and close out this ticket.

No issues reported. So asked them to install the redirect from http
to https.

Once that is done the links for:

  Home,
  Docs,
  Contact,
  Code

in the templates for issues.roundup-tracker.org and
wiki.roundup-tracker.org need to change to point to https.

Bern, can you/we make the changes to wiki or do I have to ask
Thomas for help?

Also http://roundup.sourceforge.net/ needs to be dealt with somehow.
I added that to the sourceforge ticket. Hopefully it just comes out in 
the wash.

Misc updates:

    Update references to http://www and http://roundup 
       in roundup code base (setup.py et. al) and doc.
       and check into hg.

    Need to change the topic url on irc,
 
    References on
      https://en.wikipedia.org/wiki/Roundup_(issue_tracker)

    Home page reference on:
       https://freshcode.club/projects/roundup-tracker

    References on: https://pypi.org/project/roundup/ (if it
       can be done without a new release)

> Bern, can you/we make the changes to wiki or do I have to ask
> Thomas for help?

If we are talking about changes about the wiki contents, it should be possible 
for you to do it by yourself. Just login and search for the pages that you 
would like to change. (Okay, if it is a lot or if it is in the non-page 
contents, we'd need to mail Thomas with a script or updates.)

Hi Bern:

In message <202008311848.24416.bernhard@intevation.de>,
Bernhard Reiter writes:
>> Bern, can you/we make the changes to wiki or do I have to ask
>> Thomas for help?
>
>If we are talking about changes about the wiki contents, it should be
>possible for you to do it by yourself. Just login and search for the
>pages that you would like to change. (Okay, if it is a lot or if it
>is in the non-page contents, we'd need to mail Thomas with a script
>or updates.)

I am talking about the links on the far left for Home, Download, Docs,
Contact and Code. I think that is part of the template and can only be
changed on the server not via the web. Am I correct?

>  Am I correct?

Yes, I think so (from my memory, didn't check).

Redirection to https is in place. So all http url's: 
  http://www.roundup-tracker.org,
  http://roundup-tracker.org,
  http://roundup.sourceforge.net/
redirect to https. Asked sourceforge to close their ticket.

> the links for:
> Home, Docs, Contact, Code
> in the templates for issues.roundup-tracker.org and
> wiki.roundup-tracker.org need to change to point to https.

are all relative so they pick up the new https urls. So nothing to do.

> https://pypi.org/project/roundup/

needs a new release. The changes I have done to setup.py should
make the link right in the new release. Redirection will handle it
for now. Not planning any changes.

changed all http:.*roundup-tracker references to https except docs 
that need it for historic correctness.

freshcode is updated.

Tried updating https://en.wikipedia.org/wiki/Roundup_(issue_tracker) 
with no luck. Can't figure out how to change the metadata.

TODO:

Get patched update of website/wiki/wiki/data/plugin/theme/roundup.py 
to thomas waldman for installation to fix wiki -> main site links.

Need to install update for issues.

> Need to install update for issues.

page.html updated. Links now use https.

Thanks John - good work!

Just updated wikipedia EN and DE. 

Still missing:
 * wikipedia FR
 * link to source code repo with TLS (could not figure it out quickly)

Hi Bern:

In message <1599719809.42.0.588199794272.issue2551087@roundup.psfhosted.org>,
Bernhard Reiter writes:
>Just updated wikipedia EN and DE. 

Thanks. Looks good.

>Still missing:
> * wikipedia FR
> * link to source code repo with TLS (could not figure it out quickly)

Would: https://sourceforge.net/p/roundup/code/ work? That's the web
browsing interface.

I am still looking for an https interface for the mercurial (cloning
and web) interface:

   http://hg.code.sf.net/p/roundup/code

If I change http to https, I am prompted to login (my sourceforge
credentials work). However the interface seems to be missing css and
looks weird.

But there should be an anonymous https interface for mercurial as
well. I have opened https://sourceforge.net/p/forge/site-support/21227/.

Have a great day.

Bern:

It looks like there is no https endpoint for mercurial that doesn't 
require a sourceforge login. This ticket:

   https://sourceforge.net/p/forge/feature-requests/727/

should also fix our requirement. So:

   https://sourceforge.net/p/roundup/code/ 

is I think the only choice.

-- rouilj

== direct urls to source code

John,
thanks for the research and finding the feature request.
I've seconded it there.

So I'll just leave the wikipedia links to the license in the source
code tree as is for now.

Emailed new roundup.py theme for the wiki to Thomas Waldman for 
installation.

Changed url's on irc channel to use https.

Wiki is updated. Looks like there was a missing:

         _ = self.request.getText

         html = [
+            # Pre header custom html
+            self.emit_custom_html(self.cfg.page_header1),
+
             u'<div class="header">',
             self.logo(),
             self.searchform(d),

in  website/wiki/wiki/data/plugin/theme/roundup.py.
I have committed this change on rev6287:7132c780c686.

I think this is finally done.

Any extra stragglers (pypi etc) will get fixed on next roundup release.