HTTPS not working

[kmoe]

Currently, https://phoenixframework.org/ times out, while http://phoenixframework.org/ loads correctly.

[chrismccord]

We haven't set up ssl on the landing page and it's not something I'm currently prioritizing over other efforts. The site is hosted form an S3 bucket if someone would like to figure out the legwork for me on getting SSL in place with letsencrypt. Thanks!

[kmoe]

I discovered this issue when following a link to https://phoenixframework.org/docs/advanced-deployment from https://hexdocs.pm/distillery/use-with-phoenix.html. I think it may be easier to set up SSL than update all the links to phoenixframework.org across the internet!

If you want to set up SSL while keeping the site on S3 you have a couple of options. It's not possible to set up a certificate for a custom domain pointing directly to an S3 bucket, so you will need to point your domain DNS to CloudFront or another proxy.

Option 1: Let's Encrypt

Generate Let's Encrypt certificate locally, upload to AWS Certificate Manager, point to CloudFront distribution.

http://blog.bogdancarpean.com/add-https-to-amazon-s3-hosted-website/

Option 2: ACM

Request certificate on AWS Certificate Manager, point to CloudFront distribution.

https://ronniemlr.com/2018/01/22/https-for-your-static-s3-website/

The second option is easier, but ties you into AWS more (though the cost of switching is still small).

Hope this helps, and thanks for your work on Phoenix.

[timwis]

Chrome will start marking non-https sites as "not secure" this month, so it may be worth revisiting. If you're already using S3, option 2 above should be pretty straightforward. Other options are:

3. Use github pages instead of S3, and get SSL for free. You could setup travis CI to build the site and push it to the gh-pages branch when you push to master.
4. Use CloudFlare for the site's DNS, which also gives you SSL for free.

[chrismccord]

https://phoenixframework.org

Cheers :)