Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTPS is a requirement now #334

Closed
Cheesebaron opened this issue Sep 6, 2017 · 28 comments
Closed

HTTPS is a requirement now #334

Cheesebaron opened this issue Sep 6, 2017 · 28 comments

Comments

@Cheesebaron
Copy link
Member

@Cheesebaron Cheesebaron commented Sep 6, 2017

There are many reasons to switch to HTTPS, some of the important ones include

  • Protecting privacy
  • Browsers getting more strict
  • HTTP 2
  • 3rd party inclusion
  • Apple Transport Security and Android usesCleartextTraffic = false requires SSL

We at Planet Xamarin support the movement of switching everything to use HTTPS and we encourage and expect authors to switch too.

20th September 2017, we will go through all author classes and ensure that blogs support HTTPS. Those who do not support it, will be removed from aggregation.

There are no valid reasons to not support HTTPS, and it is a very easy exercise to enable it on your blog. There are free certificate authorities such as Let's Encrypt, which are supported by the majority of CMS systems and hosting control panels, or you could put your blog behind CloudFlare. How to set this up has been documented so many times and is a very trivial thing to do.

@planetxamarin/authors

@almirvuk
Copy link
Member

@almirvuk almirvuk commented Sep 6, 2017

Great decision!

@ghuntley
Copy link
Member

@ghuntley ghuntley commented Sep 6, 2017

I support this.

@gshackles
Copy link
Member

@gshackles gshackles commented Sep 6, 2017

Same here, HTTPS all the things. My site already supports HTTPS so :shipit:!

@Cheesebaron
Copy link
Member Author

@Cheesebaron Cheesebaron commented Sep 19, 2017

@jfversluis
Copy link
Member

@jfversluis jfversluis commented Sep 19, 2017

Zoinks!

I think it will be good to allow for a bit more time, I have seen some people on Twitter mentioning they need more time because they would need to move a whole lot of stuff. Not sure why that would be necessary though, but OK.

I think it's important to stop this at the gate right now and keep pressuring this list to slim it down. And if it's down to just a few set a hard deadline: comply or be removed.

@PieEatingNinjas
Copy link
Contributor

@PieEatingNinjas PieEatingNinjas commented Sep 19, 2017

Updated! (https://blog.pieeatingninjas.be/feed/)
But maybe try to contact the authors whos blog isn't on https yet? If @Depechie hadn't notified on Twitter, I wouldn't have known about this upcoming requirement.

@jfversluis
Copy link
Member

@jfversluis jfversluis commented Sep 19, 2017

We've put it out here mentioning the authors group, by I think not everyone is in there. Most are though. If you won't mind mentioning a couple of people you might be in contact with that would be great!

We want to put out a little tweet as well. Problem is we don't have one channel to reach everyone :)

Also, please put in a PR changing your URL? Thanks!

@PieEatingNinjas
Copy link
Contributor

@PieEatingNinjas PieEatingNinjas commented Sep 19, 2017

I did indeed get a notification about this message, I must have missed it somehow. :-)

@kentcb
Copy link
Contributor

@kentcb kentcb commented Sep 19, 2017

Well, I'd like to fix my blog but according to this:

HTTPS is not supported for GitHub Pages using custom domains.

So I guess I'm SOL....?

@nigel-sampson
Copy link
Contributor

@nigel-sampson nigel-sampson commented Sep 19, 2017

You can use Cloudflare to set up SSL for free for GitHub pages (which is what I did, took about twenty minutes).

@kentcb
Copy link
Contributor

@kentcb kentcb commented Sep 19, 2017

Thanks @nigel-sampson! I'll add it to my TODO list.

@patridge
Copy link
Contributor

@patridge patridge commented Sep 20, 2017

For anyone else running WordPress on a provider without SSL support, hopefully this Stack Overflow answer about working around the internals of the is_ssl method with Cloudflare (or similar) will save you a couple hours.

After a painful two-night battle with things, I think I finally got SSL working for my blog. If all settles in happily, I'll put together a PR tomorrow.

@jfversluis
Copy link
Member

@jfversluis jfversluis commented Sep 20, 2017

For the paperworks, these came in today and are off the list:

http://blog.pieeatingninjas.be/feed/rss
http://pumpingco.de/feed/
http://redth.codes/feed/
http://www.patridgedev.com/feed/

Four down, 30 to go!

patridge added a commit to patridge/planetxamarin that referenced this issue Sep 20, 2017
jfversluis added a commit that referenced this issue Sep 20, 2017
…for #334.
patridge added a commit to patridge/planetxamarin that referenced this issue Sep 20, 2017
Cheesebaron added a commit that referenced this issue Sep 20, 2017
@therealjohn
Copy link
Contributor

@therealjohn therealjohn commented Sep 20, 2017

I just updated mine. :D

https://jmillerdev.net

@kentcb
Copy link
Contributor

@kentcb kentcb commented Sep 21, 2017

Updated. PR is #355.

@lothrop
Copy link
Contributor

@lothrop lothrop commented Sep 22, 2017

I'm still struggling. My provider won't let me use TLS for a subdomain. I haven't got CloudFlare to work since my provider doesn't have a fixed IP address for my website.

lothrop pushed a commit to lothrop/planetxamarin that referenced this issue Sep 22, 2017
jfversluis added a commit that referenced this issue Sep 22, 2017
@jfversluis
Copy link
Member

@jfversluis jfversluis commented Sep 22, 2017

Looks like you got it working @lothrop ! Nice!

@lothrop
Copy link
Contributor

@lothrop lothrop commented Sep 22, 2017

Only that the cert now costs more than all domains combined…

@jfversluis
Copy link
Member

@jfversluis jfversluis commented Sep 22, 2017

Why?! You can get certs for free!

@lothrop
Copy link
Contributor

@lothrop lothrop commented Sep 22, 2017

For that, I'd need admin access for the server.

@jfversluis
Copy link
Member

@jfversluis jfversluis commented Sep 22, 2017

Not always, of course I don’t know the details and I’m sure that you’ve done your research but I.e. direct admin has support built-in these days. Works like a charm!

Or maybe that’s what you mean by admin access

@jfversluis
Copy link
Member

@jfversluis jfversluis commented Sep 28, 2017

Just 20 left! 🎉

@CayasSoftware
Copy link
Contributor

@CayasSoftware CayasSoftware commented Sep 29, 2017

Sorry I am late to the party. I saw it on twitter thanks to @jfversluis. I will take switch as fast as I can.

@jfversluis
Copy link
Member

@jfversluis jfversluis commented Oct 17, 2017

Alright, a lot are done! I think it's starting to get time to enforce?

@DanRigby
Copy link
Member

@DanRigby DanRigby commented Oct 17, 2017

@Cheesebaron
Copy link
Member Author

@Cheesebaron Cheesebaron commented Jan 27, 2018

This can be closed now.

If someone was removed as part of #407 and you want back in, please open a Pull Request to add yourself back.

@xleon
Copy link
Contributor

@xleon xleon commented Jan 27, 2018

Wow, I didn´t see anything about this until I got removed/mentioned yesterday.
My site is fixed now with https auto-redirections.
Will send PR soon

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet