SSL?

[davisshaver]

Not worried about the security of the content as much as the potential Google Chrome nags in coming months about unsecure pages. Any thought what we'd need to do to support SSL (or even if you'd want to)?

My first batch of notes are here, https://davisshaver.com/2017/09/08/setting-up-pagepark-to-corral-my-unused-domains/, smooth sailing so far! ⛵️

[scripting]

I understand. I haven't yet tried to use PagePark with SSL, but I would be interested in finding out what it takes to do so and what if anything needs to change in the server. I'll post a link to this on Scripting News and see if anyone has tried this.

BTW, from reading your post, publicfolder is not a web server. It runs exclusively on the desktop not on the server. But it gives me some ideas on how it might work with PagePark. ;-)

[scotthansonde]

I'm not familiar with Elastic Beanstalk, but I think the standard way to do this is put a reverse proxy in front of the app to handle the SSL, then the app itself doesn't need any changes. Just for fun I put an instance of river5 behind an SSL proxy (nginx running on the same virtual server as river5). I haven't really maintained it, but it still works :-) https://river5.papascott.de
I can try this with PagePark, I'm pretty sure it would work just as well.

[jsavin]

We’ve done this with projects at the agency I work at, and it works well. It can also run on a separate server, and IIRC you can use the proxy as a mid-layer cache and scale it up to essentially make yourself a high-capacity CDN that limits traffic to the back-end app. I haven’t done it personally, but projects I’ve worked on have used this approach. HTH, -Jake

…

On Sep 8, 2017, at 10:42 AM, Scott Hanson ***@***.***> wrote: I'm not familiar with Elastic Beanstalk, but I think the standard way to do this is put a reverse proxy in front of the app to handle the SSL, then the app itself doesn't need any changes. Just for fun I put an instance of river5 behind an SSL proxy (nginx running on the same virtual server as river5). I haven't really maintained it, but it still works :-) https://river5.papascott.de <https://river5.papascott.de/> I can try this with PagePark, I'm pretty sure it would work just as well. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#6 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABvqgsn1IySE1vn372s-9_y3SGb8Ymm4ks5sgXx8gaJpZM4PQ990>.

[davisshaver]

I looked into this today, thanks to @papascott and @jsavin for weighing in, I was able to solve it outside of pagePark. That said, I unwittingly bought a regular SSL cert when I would have needed a multi-domain cert to make this work in my use case. So I'll close this for now but share any more findings I get.

[davisshaver]

Cloudfront (AWS) ended up working well for this. They have a feature similar to Cloudflare's for upgrading all requests to SSL. In my case, I also added a cname & SSL cert to the load balancer so that the user->Cloudflare & Cloudflare>Load balancer & Load balancer -> Server should all be using 443

[scripting]

Could you guys have a look at this post. scripting/myWordEditor#4 It's an SSL issue. I don't have a test system that I can investigate this on. Dave

…

On Sun, Sep 17, 2017 at 1:20 PM, davisshaver ***@***.***> wrote: Cloudfront (AWS) ended up working well for this. They have a feature similar to Cloudflare's for upgrading all requests to SSL. In my case, I also added a cname & SSL cert to the load balancer so that the user->Cloudflare & Cloudflare>Load balancer & Load balancer -> Server should all be using 443 — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#6 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABm9O1ixSzbj7Tp0FLPOuT14EXZQOlaTks5sjVTtgaJpZM4PQ990> .

[scotthansonde]

Sure, I can take a quick look. BTW ngrok is a cool tool to test SSL on localhost. If you're running a web service locally, it will tunnel it to the internet and generate a random URL on both http and https (for free and without having to sign up).