Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support https #105

Closed
asmeurer opened this Issue Feb 23, 2018 · 26 comments

Comments

Projects
None yet
4 participants
@asmeurer
Copy link
Member

asmeurer commented Feb 23, 2018

GitHub is apparently supporting https for custom domains now. The enforce checkbox can be checked, although for me it doesn't actually do anything (it still allows http).

For SymPy, https://www.sympy.org/ gives mixed content warnings because of several http resources:

Mixed Content: The page at 'https://www.sympy.org/en/index.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Open+Sans:300,400,700|Gentium+Basic'. This request has been blocked; the content must be served over HTTPS.
index.html:109 Mixed Content: The page at 'https://www.sympy.org/en/index.html' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://www.sympygamma.com/input/'. This endpoint should be made available over a secure connection.
cb=gapi.loaded_0:221 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://accounts.google.com') does not match the recipient window's origin ('https://www.sympy.org').
(anonymous) @ cb=gapi.loaded_0:221
index.html:1 Mixed Content: The page at 'https://www.sympy.org/en/index.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Open+Sans:300,400,700|Gentium+Basic'. This request has been blocked; the content must be served over HTTPS.

These should be easy enough to fix. We should also fix the other sites (sympy docs, sympy gamma, and sympy live).

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Feb 23, 2018

SymPy Live and SymPy Gamma aren't served over GitHub pages, so that would be a separate thing to fix (they don't presently work over https at all).

@normalhuman

This comment has been minimized.

Copy link
Contributor

normalhuman commented Feb 26, 2018

Also, docs.sympy.org loads several stylesheets from live.sympy.org. I don't see why; when the stylesheets get blocked by the browser, the pages look as they normally do.

As far as docs.sympy.org is concerned, the main issue is the outdated MathJax link, besides being http it points to a long-retired CDN. I'll try to correct this when I manage to clone sympy_doc, which turned out to be quite a heavy repo to clone.

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Feb 26, 2018

It might be possible to have https on live as well. We need to look into it.

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Mar 7, 2018

Looking into https for SymPy Live and SymPy Gamma. It looks like Google provides a certificate (https://cloud.google.com/appengine/docs/standard/python/securing-custom-domains-with-ssl), but we have to set up the custom domains.

It looks like live.sympy.org and gamma.sympy.org are not registered in the Google Cloud dashboard. www.sympygamma.com is registered, but it doesn't let me modify it (it says I don't own it).

@certik do you still have admin access to these domains, or will we need to fix this through NumFOCUS?

Here is the relevant dashboard page https://console.cloud.google.com/appengine/settings/domains?project=sympy-gamma-hrd&serviceId=default (and https://console.cloud.google.com/appengine/settings?project=sympy-live-hrd&serviceId=default for SymPy Live)

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Aug 24, 2018

OK, now HTTPS works and is required for SymPy Live and SymPy Gamma, and it works for sympy.org (sympy/sympy_gamma#111).

One final problem, is that https://sympy.org gives an invalid cert error (as opposed to https://www.sympy.org). I don't know if it can be fixed.

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Aug 24, 2018

Anyway, I went ahead and checked the "enforce https" box for www.sympy.org.

@certik

This comment has been minimized.

Copy link
Member

certik commented Aug 24, 2018

I know how to fix that error in https://sympy.org. I thought I already did. So let me investigate.

@certik

This comment has been minimized.

Copy link
Member

certik commented Aug 24, 2018

Ok, so to fix that error, one must make sure to include the 4 IP addresses here: https://help.github.com/articles/troubleshooting-custom-domains/#https-errors, and I have done that some time ago for sympy.org. That fixed the problem that time. However, now the problem is there again. So not sure what is causing it.

@certik

This comment has been minimized.

Copy link
Member

certik commented Aug 24, 2018

I removed and re-added the custom domain in github's settings.

This still fails: https://sympy.org. The setting seems to be identical to this: https://theoretical-physics.com/, which works.

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Aug 24, 2018

Maybe the custom domain needs to be sympy.org instead of www.sympy.org?

@certik

This comment has been minimized.

Copy link
Member

certik commented Aug 24, 2018

No, the custom domain needs to be www.sympy.org, just like the custom domain is www.theoretical-physics.com.

@certik

This comment has been minimized.

Copy link
Member

certik commented Aug 24, 2018

Here is why github recommends to use the www subdomain: https://help.github.com/articles/about-supported-custom-domains/#www-subdomains

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Aug 24, 2018

That page you linked says "It can take up to an hour for your GitHub Pages site to become available over HTTPS after you add and correctly configure your custom domain." So let's wait a bit and see if it works.

@certik

This comment has been minimized.

Copy link
Member

certik commented Aug 24, 2018

Ok, I think that is probably it. I can't find any other difference between the configurations.

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Aug 24, 2018

I just tried setting it up with my website asmeurer.com and it's the same thing. https://asmeurer.com fails with invalid cert (the same one as https://sympy.org). http://asmeurer.com works just fine. Previously I just had a basic URL redirect from asmeurer.com to www.asmeurer.com.

@certik

This comment has been minimized.

Copy link
Member

certik commented Aug 24, 2018

We might need to contact github support. I don't know what is going on. It's supposed to work, and it does for https://theoretical-physics.com/.

@isuruf

This comment has been minimized.

Copy link
Member

isuruf commented Aug 24, 2018

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Aug 24, 2018

@isuruf the issue is https://sympy.org (without the www).

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Aug 24, 2018

Let's wait 24 hours, just in case it is some caching issue, and then contact GitHub support. The probably won't get back to us until Monday anyway.

@isuruf

This comment has been minimized.

Copy link
Member

isuruf commented Aug 24, 2018

From https://help.github.com/articles/setting-up-an-apex-domain-and-www-subdomain/

Warning: If your domain has HTTPS enforcement enabled, GitHub Pages' servers will not automatically route redirects. You must configure www subdomain and root domain redirects with your domain registrar.

@isuruf

This comment has been minimized.

Copy link
Member

isuruf commented Aug 24, 2018

Maybe above might help

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Aug 24, 2018

That is how I had it before, with my site asmeurer.com. It was just a URL record to www.asmeurer.com. But with that, www.asmeurer.com was served over https, but https://asmeurer.com just didn't load.

That page does say you can configure www.sympy.org or sympy.org, and the other will redirect to it. So maybe we should try changing the GitHub pages domain to sympy.org?

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Aug 24, 2018

I tried changing the site for my site from www.asmeurer.com to asmeurer.com. The "enforce https" box unchecked and said

Not yet available for your site because the certificate has not finished being issued.
Please allow 24 hours for this process to complete. (asmeurer.com)
HTTPS provides a layer of encryption that prevents others from snooping on or tampering with traffic to your site.
When HTTPS is enforced, your site will only be served over HTTPS. Learn more.

(also it broke my site, so let's not do this for sympy.org!)

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Aug 24, 2018

Hmm, after changing it back, https://asmeurer.com now works. I don't know if it just happened to get fixed, or if my moving it around triggered the cert being issued.

@asmeurer

This comment has been minimized.

Copy link
Member Author

asmeurer commented Aug 24, 2018

OK, I did the same for sympy, and now it works! https://sympy.org redirects to https://www.sympy.org/en/index.html. I guess the support site was a little ambiguous. You have to reenter the GitHub pages domain, because that is what triggers the cert to be issued. So if you want both www.sympy.org and sympy.org you have to enter them both.

I agree with @certik that we should keep it www.

So I believe this issue can now be closed. All SymPy domains now support HTTPS, and loading them over HTTP automatically redirects them to https.

If anyone finds any issues with HTTPS, or knows of any SymPy sites that aren't being served over HTTPS, let me know. The following SymPy domains should be working over HTTPS:

sympy.org
www.sympy.org
docs.sympy.org
planet.sympy.org
live.sympy.org
gamma.sympy.org
sympygamma.com
www.sympygamma.com

@asmeurer asmeurer closed this Aug 24, 2018

@certik

This comment has been minimized.

Copy link
Member

certik commented Aug 24, 2018

@asmeurer I see. I might have done that with https://theoretical-physics.com/ and forgot about it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.