Enable HTTPS #22
Comments
Let's Encrypt is a great idea, I'll help if you like. I've never implemented it either but feel confident about it.
AFAIK we need to get the keys from Let's Encrypt and then config the server… this second part, the server part is where I have no idea where to start. Would you like to get together to tackle this issue? We can set up a pair programming to check what we can get…
Do you control the server? Having SSH access is best but we can do it manually if we need to.
Yep, I have root access to our server (a droplet at Digital Ocean). The nginx config file I'm using is in the repo here for reference (just in case)…
Ok, I'm at work ATM. For another 6hrs unfortunately. I can be of more help when I get home. Have you seen the custom instructions here https://certbot.eff.org ?
I read over the ones for Debian real quick and think after that you will just have auto renewing certificates installed. Then it's just a matter of setting up nginx.
Many thanks for the reference, @robjloranger! And don't worry about being available, we can talk asynchronously ; ) I read the nginx Certbot docs you sent and that clarified a bit… but I still have doubts when they say How does that work when nginx is used as a proxy for a Maybe the answer is the
LetsEncrypt is an awesome option, but is CloudFlare not enough?
I don't know the difference between encrypting stuff via Let's Encrypt and CloudFlare (and TBH I just know CloudFlare because of their CDN service). My concern here is that people can browse documents from Brazilian government behind an HTTPS protocol to keep their privacy. This is what really matters.
Yep, they offer it for free but if you apply as an NGO we should get the ultimate master blaster hyper plan for free.
Great, gonna get started then!
Just a quick note on this. On #18 I started a discussion about splitting the front-end and backend of Jarbas into (potentially) their own repository. @cuducos agreed to discuss that further after other issues on the repo got sorted (especially #12). If we were to host the front-end on Firebase, they give HTTPS free by default. I'm not able to help much with the backend though, as all I ever did was buying certs and setting them up with Apache. But if we were to pair up for something, I'd be keen to actually get some hands on with Let's Encrypt or at least follow this issue and learn a bit more about it from what you guys manage to achieve 😉 (I'm not that sharp with Python or nginx, unfortunately).
Many thanks @leomeloxp.
We got free droplets as a kind of sponsorship from Digital Ocean, so we're sticking with them.
Yay! I like that. As @pedrommone pointed out probably this issue is strictly related to #12, so I'll wait for it before spending time studying how to config nginx for HTTPS. But let's get back to that in a week maybe ; )
@cuducos let me know when you get there, I'll be happy to help
How does the Shared SSL Certificate for Cloud Flare work? Does it deliver a domain like someone.cloudflare.com, or can we config mydomain.com to use HTTPS?
The only downside of letsencrypt is that it does not support wildcards.
@gwmoura they offer a full and customized SSL for your domain :)
Excellent @pedrommone, I'm gonna test the service 😄
Cloud Flare is not Tor friendly :(
I think CloudFlare was on the table just as a measure to protect ourselves from DDoS as raised by @pedrommone. I wasn't aware CloudFlare wasn't Tor friendly. But to be honest we might be too worried about things that might happen, or might not happen (DDoS). I think privacy is a must (then HTTPS) and that Tor might help with privacy. So if I had to choose I'd leave the DDoS shield for later. We're fully open source, if we're down anyone could serve the same thing with a few clicks — distributed systems are more reliable than centralized ones (that's one reason why we do open source with open data).
Hello @cuducos, I would like to help. I configured HTTPS with a self-signed certificate in my cloud service.
Many thanks, @danizavtz! In fact @gomex, @gwmoura and others are advancing with a Docker infrastructure for deploy. I think that you could coordinate to work with them there (we're using
Yes, no problem. I was not aware of what was happening on that branch, later I saw the discussion about Docker integration.
Many thanks @danizavtz! Soon (maybe later today) Docker stuff will be merged to
UPDATE: Docker stuff is already on
@danizavtz are you working on it? What have you done?
Hello, yesterday I tried to run Jarbas locally on my machine, but I could not run this docker....
@danizavtz What was the error? Share it and we might fix it or help you get started ; )
It occurs when I run the command: this directory [.env] does not exist in my jarbas folder.
Yay, you just helped us figure out something wrong in our documentation. The Settings is relevant to Docker users too, we should reorganize that in the
Hey @cuducos shall we create a new issue, with this error?
@danizavtz it's already created: #59
Now I copied the .env config and I could build the project using Docker with success. Now it gives me an error when I run the command: Here is the error: But I didn't run the command migrate, or make migrations, to create the tables in the database.
@danizavtz can you open an issue about the problem you're facing? Let's maintain the discussion here about the HTTPS. Thank you :)
No need to run Please, let's follow @pedrommone's excellent suggestion: report that in a new issue to make it easier for the community ; )
I've never done that — is letsencrypt.org a good idea? I feel like I'd like to pair with someone else to get that up and running because all this is new to me.