Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Support HTTPS #2

Open
dave1010 opened this Issue · 13 comments

4 participants

@dave1010

Not sure if this is a code issue or just the configuration of 5minutefork.com but 5minutefork.com doesn't respond to HTTPS requests. This is especially noticeable when replacing a github URL (which all starts with https) with 5minutefork.com.

@remy
Owner
@dave1010

I've got free certs from http://www.startssl.com/?app=1 before, which should do the job. Takes a few minutes to register, then you need to tell Apache / nginx to serve HTTPS on port 443 and to use the certificate.

@remy
Owner
@remy
Owner

Not as easy as I had hoped, but definitely on the case!

@dbohdan

Seconding this request. I forget to replace https:// with http:// every time and it's a bit annoying, especially given that 5minfork is most useful when you're away from your main computer and have no fancy bookmarklets to rely on. The first time I did this I even thought your website was down.

I don't think security is an issue here, so you could redirect HTTPS requests to HTTP through a page served with a self-signed SSL certificate.

@adamstrawson

@remy If you need a hand setting up SSL, give me a shout - I'll be happy to help.

@remy
Owner

@adamstrawson yeah, I'd appreciate that. I started doing the startssl thing - but got stuck once I had a cert (plus I did it on a Chromebook, and it doesn't let you download the certificates!!!).

If all it needs is https running and immediate redirecting to http, then I'm not sure whether the cert is even required (i.e. self sign would do fine) - but for some reason in all the years I've been web dev'ing, I've never personally set up the SSL side of things! i.e. I'd welcome the help :)

@adamstrawson

@rem I'd imagine it would be best to use the startssl cert, as self signed would still show the unverified warning, especially in some older browsers before the rewrite/redirect happens.

Are you running Nginx, Apache, Other?

If Nginx;

server {
       listen 443;
       server_name 5minutefork.com;
       rewrite ^(.*) http://5minutefork.com$1 permanent;

       ssl on;
       ssl_certificate      /etc/nginx/certs/5minutefork.crt;
       ssl_certificate_key  /etc/nginx/certs/5minutefork.key; 
 }

If apache;

<VirtualHost *:443>
    DocumentRoot "/var/www/5minfork/webroot"
    ServerName 5minutefork.com
    SSLEngine on
    SSLCertificateFile /etc/apache2/certs/5minutefork.com.crt
    SSLCertificateKeyFile /etc/apache2/certs/5minutefork.com.key
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTPS} on
        RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
    </IfModule>
</VirtualHost>

These are untested, and written from memory

If I remember correctly, you're at The Skiff? I'm only across the road, so happy to swing by sometime and walk through it.

@remy
Owner

I was going to say there's no service in front of the server, but actually that's wrong. Varnish is in front of the box. And that only works mostly due to fluke!

@adamstrawson

Cool, Varnish doesn't work with HTTPS, so you'd just keep that listing on :80, and send anything on :443 to something that can handle HTTPS

We had Varnish in our stack for caching and load balancing, handling :80 traffic, and Nginx in front handling :443, which then sent the request to Varnish over :80, so maybe do a similar approach to that?

@remy
Owner
@adamstrawson

Does startssl email you a zip with the keys, or is it downloadable from the website? Either way, could you not wget the file directly onto the server?

@remy
Owner

I've not missed this, but I've got a server change to do on jsbin.com which will trickle down to this machine too (5minfork is running on the old jsbin server - so it's the same arch). Once that's done, SSL will be simple to put in.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.