Switch janusgraph.org to HTTPS

[mbrukman]

Right now, JanusGraph website can only be served via http://janusgraph.org because the DNS configuration is incorrect (https://janusgraph.org shows an invalid certificate error).

Specifically, what we need is to get the A record for janusgraph.org to point to the following set of IP addresses: 185.199.108.153, 185.199.109.153, 185.199.110.153, and 185.199.111.153 .

Here's the correct configuration for docs.janusgraph.org:

$ dig +noall +answer docs.janusgraph.org
docs.janusgraph.org.    1731    IN  CNAME   janusgraph.github.io.
janusgraph.github.io.   3532    IN  A   185.199.111.153
janusgraph.github.io.   3532    IN  A   185.199.108.153
janusgraph.github.io.   3532    IN  A   185.199.110.153
janusgraph.github.io.   3532    IN  A   185.199.109.153

Here's the incorrect configuration for janusgraph.org:

$ dig +noall +answer janusgraph.org
janusgraph.org.     1798    IN  A   192.30.252.154
janusgraph.org.     1798    IN  A   192.30.252.153

An email sent to helpdesk@rt.linuxfoundation.org returned with an auto-response, telling me that it's no longer monitored and does not auto-create tickets. Instead, I was directed to use The Linux Foundation's Jira service instead, so that's the next step.

[mbrukman]

Filed https://jira.linuxfoundation.org/browse/WEB-318 .

[mbrukman]

The WEB-318 ticket was addressed as mentioned above, and we can now access https://janusgraph.org without invalid certificate errors, so we're all set here.

Besides manual testing, I found that an SSL certificate checker also shows the certificate as being valid, so we are good to go here. Now, we just have to modify the links everywhere to refer to an HTTPS URL and use that format consistently.

Since use of HTTPS is also a search ranking signal, this change might also improve JanusGraph's ranking in search results!

[chupman]

Hey @mbrukman. Thanks for fixing the cert. One thing that might want to be fixed still is that https://www.janusgraph.org does not work. Both http://www.janusgraph.org and http://janusgraph.org redirect nicely to https://janusgraph.org. The biggest hurdle to add this is that it looks like the SSL cert would have to be re-issued to cover www. as well.

[mbrukman]

@chupman — the HTTP redirect (www.janusgraph.org -> janusgraph.org) is being handled by The Linux Foundation, so presumably, they would have to get the SSL cert for www.janusgraph.org to be able to serve that redirect on HTTPS as well and keep it renewed, or it will break.

I don't know if they have the automation infrastructure that GitHub has to be able to do this via Let's Encrypt, and I'm not sure whether it's worth burdening them with a manual process, or ask them to keep buying certs from the various SSL cert vendors (and they're a non-profit), given that we don't actually use this domain, and it's not referenced in any of our docs, and never shows up in any search results. (Also, personally, I think www.* domains are an anachronism, and who actually types them in manually anyway? It's just foo.com or bar.org or quux.xyz, etc.)

So, that said, do you think it's worthwhile to ask The Linux Foundation to do this? I think you can tell which way I'm leaning here, but am willing to be convinced otherwise.

[porunov]

@mbrukman Thank you very much for fixing it. I've changed all protocols from http to https in wikipedia articles. I am also interested to know if certificates renewal is automated. Or if the renewal will be handled by someone. Let's encrypt issues certificates for 3 months only. If the process isn't automated then I could help automate it.

[mbrukman]

@porunov wrote:

@mbrukman Thank you very much for fixing it.

My pleasure!

I've changed all protocols from http to https in wikipedia articles.

Great, thanks! Did you already commit that change, or do you want to send a PR for review?

I am also interested to know if certificates renewal is automated. Or if the renewal will be handled by someone. Let's encrypt issues certificates for 3 months only.

Yes, it's automated by GitHub, and they've been managing it for docs.janusgraph.org since launch, so this will work as well.

[porunov]

@mbrukman ,

Great, thanks! Did you already commit that change, or do you want to send a PR for review?

I think I wasn't clear. I didn't change protocols in JanusGraph documentation. I've just changed links in Wikipedia articles of JanusGraph. I.e. : English version, Chinese version, Russian version, Ukrainian version.

Yes, it's automated by GitHub, and they've been managing it for docs.janusgraph.org since launch, so this will work as well.

That's really great!

[mbrukman]

@porunov wrote:

Great, thanks! Did you already commit that change, or do you want to send a PR for review?

I think I wasn't clear. I didn't change protocols in JanusGraph documentation. I've just changed links in Wikipedia articles of JanusGraph. I.e. : English version, Chinese version, Russian version, Ukrainian version.

Thank you very much for doing that!

Sorry, I misunderstood. I think we have a bunch of non-HTTPS URLs (definitely Apache, and possibly Wikipedia as well) in our own website, which should be converted to HTTPS as well at some point.

[porunov]

Agree. We should convert those urls to https.

[porunov]

@mbrukman There are also a places where we should change links to https which don't require a commit.
The first link is placed in GitHub near the project description in the main repository: The second link is placed in the JanusGraph organization page in GitHub:

Also, same as with first link there are links near descriptions with http protocol used in https://github.com/JanusGraph/janusgraph.org and https://github.com/JanusGraph/docs.janusgraph.org repositories.

[mbrukman]

@porunov, great job tracking all of these down! Thank you for documenting them all so clearly. I've fixed all of them; please take a look and let me know if I've missed anything.

[porunov]

@mbrukman Thank you for fixing those URLs! Fixes looks good.