These subdomains should just be removed. They made sense in the times of HTTP when browsers had a hard limit on the number of simultaneous requests per domain. Now, in the time of HTTP/2.0 over TLS, there are modern pipelining techniques that render multiple domains not needed. We should make a list of tools still using subdomains and work with their authors to migrate.

In T161256#3128643, @MaxSem wrote:

Now, in the time of HTTP/2.0 over TLS, there are modern pipelining techniques that render multiple domains not needed.

Just don't forget that we're talking about the Real World™, where Internet Exploder v5.0 is still reality. Not that I say I want to support that but SPDY/HTTP2 isn't that ubiquitous and older clients may well hit rate limits hard.
People with godmode flags may check how many requests are and are not using HTTP2, and help to make informed decisions.

The only valid use for labs is WMF projects, and those don't support JS in IE under 9 (9 iS soon going to be deprecated too). No JS=no dynamic maps. And no, IE 5 is not supported in any way.

In T161256#3137827, @MaxSem wrote:

The only valid use for labs is WMF projects,

This is not true in its strictest sense, and it is definitely not true in the particular case, unless you intepret "WMF projects" as "projects supported by the WMF for the general public".

and those don't support JS in IE under 9 (9 iS soon going to be deprecated too). No JS=no dynamic maps. And no, IE 5 is not supported in any way.

I would expect some background check from you before answering. Let me do it then. HTTP/2 support by browser versions:

• IE 11+ (limited suport)
• Edge 14+
• Firefox 51+
• Chrome 49+
• Safari 10+ (limited support)
• Opera 9.3+
• Opera Mini: NOT supported
• Android browser 53+(!!)
• Chrome/android 56+

Some of these are pretty recent versions. I don't really agree your optimism about coverage.

In T161256#3138272, @grin wrote:

I would expect some background check from you before answering. Let me do it then. HTTP/2 support by browser versions:
…
Some of these are pretty recent versions. I don't really agree your optimism about coverage.

I believe @MaxSem was referring to MediaWiki official level of support for various internet browsers (see https://www.mediawiki.org/wiki/Compatibility) rather than browsers support levels for HTTP/2 processing.

And how the only use case for Labs, is to support to the Wikimedia projects so we don't need to have extended support for browsers where the official site doesn't no longer supports.

In T161256#3138330, @Peachey88 wrote:

In T161256#3138272, @grin wrote:

I would expect some background check from you before answering. Let me do it then. HTTP/2 support by browser versions:
…
Some of these are pretty recent versions. I don't really agree your optimism about coverage.

I believe @MaxSem was referring to MediaWiki official level of support for various internet browsers (see https://www.mediawiki.org/wiki/Compatibility) rather than browsers support levels for HTTP/2 processing.

I see. The root cause of my reply was the suggestion of "These subdomains should just be removed. ", since the removal would require HTTP/2 support from all browsers (including plenty of ancient mobile ones).
I do not want to get into the state where the domains get removed but the clients hit the rate limit wall and someone woudl react to the problem saying "well, that's the way it is" and the service would be useless for a huge amount of people.

But as I said the logfiles are there and it's rather simple to make a stat about usage, browser versions and expected rates. I do not have access to them, so I cannot help, but if nobody wants to do it offer access and I'll make some stats… Without it it's a blind guessing game, isn't it?

But the problem is there: over HTTPS it's not working right now, and browsers complain about mixed content, some to the extent of denying the connection.

FYI, I have configured [abc].tiles.wmflabs.org webhosts to redirect to http://tiles.wmflabs.org during T204506: cloudvps: maps project trusty deprecation

These hosts are still in use however.

In T161256#5070781, @TheDJ wrote:

FYI, I have configured [abc].tiles.wmflabs.org webhosts to redirect to http://tiles.wmflabs.org during T204506: cloudvps: maps project trusty deprecation

These hosts are still in use however.

T252721: cloud-vps solution for Let's Encrypt and proceeding changes have fixed the cert issue. The redirect is still in place, so https://{a,b,c}.tiles.wmflabs.org/* all redirect to https://tiles.wmflabs.org/*. We can either close this in that state, or @TheDJ can undo the redirect. Either way, I think the hard part on the WMCS side is done and TLS errors should be eliminated.

I replaced the redirects with a general http -> https redirect protocol upgrade.

For future reference.. I think these types of subdomains still require some manual registration config by cloud team that you cannot do in Horizon.

In T161256#6221208, @TheDJ wrote:

For future reference.. I think these types of subdomains still require some manual registration config by cloud team that you cannot do in Horizon.

That is correct. And additionally, all of the proxies for the maps project are now served by a separate front proxy instance which is not controlled by the Horizon UI at all.