
Serve Phabricator static files for DevCentral under another domain than radioactif.org
Closed, Resolved, Public

Description

As a security measure, files are served under a domain other than *.nasqueron.org. Currently it's a subdomain of radioactif.org, which has expired.

A new domain should be set up or this one renewed.

Update: a temporary domain has been set: files are now served by phabricator-files-for-devcentral-nasqueron.spacetechnology.net

Event Timeline

dereckson raised the priority of this task from to Needs Triage.
dereckson updated the task description.
dereckson added a project: DevCentral.
dereckson updated the task description.
dereckson added a subscriber: dereckson.
dereckson updated the task description.

To migrate to HTTPS, we should require a Let's Encrypt certificate for phabricator-files-for-devcentral-nasqueron.spacetechnology.net.

phabricator-files-for-devcentral-nasqueron.spacetechnology.net is a perfectly fine domain for now.

We split into two vhosts, one for devcentral with our StartSSL certificate, the other for this domain with the Let's Encrypt certificate.

New nginx vhost

server {
    listen 80;
    listen [::]:80;
    server_name phabricator-files-for-devcentral-nasqueron.spacetechnology.net;

    include letsencrypt;
    include ssl_params;
    ssl_certificate /data/letsencrypt/etc/live/phabricator-files-for-devcentral-nasqueron.spacetechnology.net/fullchain.pem;
    ssl_certificate_key /data/letsencrypt/etc/live/phabricator-files-for-devcentral-nasqueron.spacetechnology.net/privkey.pem;

    include proxy_params;
    location / {   
        proxy_pass http://localhost:31080;
    }
}

Certificate

$ letsencrypt certonly --server https://acme-v01.api.letsencrypt.org/directory -a webroot --webroot-path=/www -d phabricator-files-for-devcentral-nasqueron.spacetechnology.net
[...]
$ docker exec devcentral bin/config set security.alternate-file-domain https://phabricator-files-for-devcentral-nasqueron.spacetechnology.net
Set 'security.alternate-file-domain' in local configuration.
dereckson renamed this task from Files are stored on radioactif.org to Serve Phabricator static files for DevCentral under another domain than radioactif.org. Jan 7 2016, 18:02
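The task keeps uploaded files on a host outside *.nasqueron.org. A pre-deployment check for a candidate `security.alternate-file-domain` value is sketched below as an added example, not part of the task and not Phabricator's own validation. The function names, the rules checked and the sample host `files.nasqueron.org` are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def within(host, domain):
    """True if host is `domain` itself or a subdomain of it.

    The comparison is done on a label boundary ("." + domain), so a host
    that merely contains or ends with the same characters does not match.
    """
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_file_domain(file_uri, app_domain):
    """Return a list of problems with a candidate alternate file domain.

    file_uri   -- value intended for security.alternate-file-domain
    app_domain -- domain the application and its cookies live under
    An empty list means the candidate passed every check in this example.
    """
    problems = []
    parts = urlsplit(file_uri)
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("not served over https")
    if not host:
        problems.append("no hostname in URI")
    elif within(host, app_domain):
        # Same site as the application: the isolation the task wants is lost.
        problems.append(f"{host} is inside {app_domain}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("URI should be scheme and host only")
    return problems


if __name__ == "__main__":
    candidates = [
        # Value set in the task.
        "https://phabricator-files-for-devcentral-nasqueron.spacetechnology.net",
        # Constructed counter-example: plain HTTP, under the application's domain.
        "http://files.nasqueron.org",
    ]
    for uri in candidates:
        print(uri, "->", check_file_domain(uri, "nasqueron.org") or "ok")
```

The hostname chosen in the task contains the string "nasqueron" but is not under nasqueron.org, which is why the check compares on a label boundary instead of searching for a substring.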