# Support https #105

Closed
opened this Issue Feb 23, 2018 · 26 comments

Projects
None yet
4 participants
Member

### asmeurer commented Feb 23, 2018

 GitHub is apparently supporting https for custom domains now. The enforce checkbox can be checked, although for me it doesn't actually do anything (it still allows http). For SymPy, https://www.sympy.org/ gives mixed content warnings because of several http resources: Mixed Content: The page at 'https://www.sympy.org/en/index.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Open+Sans:300,400,700|Gentium+Basic'. This request has been blocked; the content must be served over HTTPS. index.html:109 Mixed Content: The page at 'https://www.sympy.org/en/index.html' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://www.sympygamma.com/input/'. This endpoint should be made available over a secure connection. cb=gapi.loaded_0:221 Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://accounts.google.com') does not match the recipient window's origin ('https://www.sympy.org'). (anonymous) @ cb=gapi.loaded_0:221 index.html:1 Mixed Content: The page at 'https://www.sympy.org/en/index.html' was loaded over HTTPS, but requested an insecure stylesheet 'http://fonts.googleapis.com/css?family=Open+Sans:300,400,700|Gentium+Basic'. This request has been blocked; the content must be served over HTTPS.  These should be easy enough to fix. We should also fix the other sites (sympy docs, sympy gamma, and sympy live).
Member Author

### asmeurer commented Feb 23, 2018

 SymPy Live and SymPy Gamma aren't served over GitHub pages, so that would be a separate thing to fix (they don't presently work over https at all).

Closed

Contributor

### normalhuman commented Feb 26, 2018

 Also, docs.sympy.org loads several stylesheets from live.sympy.org. I don't see why; when the stylesheets get blocked by the browser, the pages look as they normally do. As far as docs.sympy.org is concerned, the main issue is the outdated MathJax link, besides being http it points to a long-retired CDN. I'll try to correct this when I manage to clone sympy_doc, which turned out to be quite a heavy repo to clone.
Member Author

### asmeurer commented Feb 26, 2018

 It might be possible to have https on live as well. We need to look into it.

Closed

Member Author

### asmeurer commented Mar 7, 2018

 Looking into https for SymPy Live and SymPy Gamma. It looks like Google provides a certificate (https://cloud.google.com/appengine/docs/standard/python/securing-custom-domains-with-ssl), but we have to set up the custom domains. It looks like live.sympy.org and gamma.sympy.org are not registered in the Google Cloud dashboard. www.sympygamma.com is registered, but it doesn't let me modify it (it says I don't own it). @certik do you still have admin access to these domains, or will we need to fix this through NumFOCUS? Here is the relevant dashboard page https://console.cloud.google.com/appengine/settings/domains?project=sympy-gamma-hrd&serviceId=default (and https://console.cloud.google.com/appengine/settings?project=sympy-live-hrd&serviceId=default for SymPy Live)

Closed

Member Author

### asmeurer commented Aug 24, 2018

 OK, now HTTPS works and is required for SymPy Live and SymPy Gamma, and it works for sympy.org (sympy/sympy_gamma#111). One final problem, is that https://sympy.org gives an invalid cert error (as opposed to https://www.sympy.org). I don't know if it can be fixed.
Member Author

### asmeurer commented Aug 24, 2018

 Anyway, I went ahead and checked the "enforce https" box for www.sympy.org.
Member

### certik commented Aug 24, 2018

 I know how to fix that error in https://sympy.org. I thought I already did. So let me investigate.
Member

### certik commented Aug 24, 2018

 Ok, so to fix that error, one must make sure to include the 4 IP addresses here: https://help.github.com/articles/troubleshooting-custom-domains/#https-errors, and I have done that some time ago for sympy.org. That fixed the problem that time. However, now the problem is there again. So not sure what is causing it.
Member

### certik commented Aug 24, 2018

 I removed and re-added the custom domain in github's settings. This still fails: https://sympy.org. The setting seems to be identical to this: https://theoretical-physics.com/, which works.
Member Author

### asmeurer commented Aug 24, 2018

 Maybe the custom domain needs to be sympy.org instead of www.sympy.org?
Member

### certik commented Aug 24, 2018

 No, the custom domain needs to be www.sympy.org, just like the custom domain is www.theoretical-physics.com.
Member

### certik commented Aug 24, 2018

 Here is why github recommends to use the www subdomain: https://help.github.com/articles/about-supported-custom-domains/#www-subdomains
Member Author

### asmeurer commented Aug 24, 2018

 That page you linked says "It can take up to an hour for your GitHub Pages site to become available over HTTPS after you add and correctly configure your custom domain." So let's wait a bit and see if it works.
Member

### certik commented Aug 24, 2018

 Ok, I think that is probably it. I can't find any other difference between the configurations.
Member Author

### asmeurer commented Aug 24, 2018

 I just tried setting it up with my website asmeurer.com and it's the same thing. https://asmeurer.com fails with invalid cert (the same one as https://sympy.org). http://asmeurer.com works just fine. Previously I just had a basic URL redirect from asmeurer.com to www.asmeurer.com.
Member

### certik commented Aug 24, 2018

 We might need to contact github support. I don't know what is going on. It's supposed to work, and it does for https://theoretical-physics.com/.
Member

### isuruf commented Aug 24, 2018

 https://www.sympy.org/en/index.html works for me
Member Author

### asmeurer commented Aug 24, 2018

 @isuruf the issue is https://sympy.org (without the www).
Member Author

### asmeurer commented Aug 24, 2018

 Let's wait 24 hours, just in case it is some caching issue, and then contact GitHub support. The probably won't get back to us until Monday anyway.
Member

### isuruf commented Aug 24, 2018

 Warning: If your domain has HTTPS enforcement enabled, GitHub Pages' servers will not automatically route redirects. You must configure www subdomain and root domain redirects with your domain registrar.
Member

### isuruf commented Aug 24, 2018

 Maybe above might help
Member Author

### asmeurer commented Aug 24, 2018

 That is how I had it before, with my site asmeurer.com. It was just a URL record to www.asmeurer.com. But with that, www.asmeurer.com was served over https, but https://asmeurer.com just didn't load. That page does say you can configure www.sympy.org or sympy.org, and the other will redirect to it. So maybe we should try changing the GitHub pages domain to sympy.org?
Member Author

### asmeurer commented Aug 24, 2018

 I tried changing the site for my site from www.asmeurer.com to asmeurer.com. The "enforce https" box unchecked and said Not yet available for your site because the certificate has not finished being issued. Please allow 24 hours for this process to complete. (asmeurer.com) HTTPS provides a layer of encryption that prevents others from snooping on or tampering with traffic to your site. When HTTPS is enforced, your site will only be served over HTTPS. Learn more. (also it broke my site, so let's not do this for sympy.org!)
Member Author

### asmeurer commented Aug 24, 2018

 Hmm, after changing it back, https://asmeurer.com now works. I don't know if it just happened to get fixed, or if my moving it around triggered the cert being issued.
Member Author

### asmeurer commented Aug 24, 2018

 OK, I did the same for sympy, and now it works! https://sympy.org redirects to https://www.sympy.org/en/index.html. I guess the support site was a little ambiguous. You have to reenter the GitHub pages domain, because that is what triggers the cert to be issued. So if you want both www.sympy.org and sympy.org you have to enter them both. I agree with @certik that we should keep it www. So I believe this issue can now be closed. All SymPy domains now support HTTPS, and loading them over HTTP automatically redirects them to https. If anyone finds any issues with HTTPS, or knows of any SymPy sites that aren't being served over HTTPS, let me know. The following SymPy domains should be working over HTTPS: sympy.org www.sympy.org docs.sympy.org planet.sympy.org live.sympy.org gamma.sympy.org sympygamma.com www.sympygamma.com

Member

### certik commented Aug 24, 2018

 @asmeurer I see. I might have done that with https://theoretical-physics.com/ and forgot about it.