Closed chorsley closed 7 years ago
rufuspollock
commented
8 years ago AFAICT there is no easy way to set up https properly on github custom domains 😦 - see e.g. https://github.com/isaacs/github/issues/156. We can use cloudflare or similar or we could move to gitlab which seems to support this.
aaronkaplan
commented
8 years ago Yurie has a new CERT. It needs to be installed on the info site's config via Atomatic.
Mobile
On 23.10.2016, at 05:40, Chris Horsley notifications@github.com wrote:
Accessing https://www.cybergreen.net/ gives SSL cert errors. The common name in the cert has been issued for github.com and related sites, not cybergreen.net.
Should verify cert status, or reconfigure if present.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
rufuspollock
commented
8 years ago @aaronkaplan and @ataslim i think this is a priority to fix somehow or other since it is a very poor UX to get certificate warnings on your main website. We have two options:
aaronkaplan
commented
8 years ago I prefer the second option . Cloudflare man-in-the-middle SSL certificate is not something which will resonate nicely with our users/community. @rgrp please advise on how to deploy the site on a web server that I can commission for you.
rufuspollock
commented
7 years ago @aaronkaplan doing option 2 will be a bit of a pain in that you will no longer get continuous deployment without some effort to do a build and then push of built html to the the web server you set up (as a) this is not something we had anticipated doing b) you'd need push access to the server I'd anticipate this is something you or moto or similar would then be doing which is probably a pain for you guys).
I therefore suggest we try something like option 1. We don't have to use cloudflare AFAICT. Other options include using AWS and cloudfront: https://news.ycombinator.com/item?id=10983245 and then e.g. http://strd6.com/2016/02/github-pages-custom-domain-with-ssltls/. Most of these are pretty simple and give you full control over the SSL etc.
ataslim
commented
7 years ago Thanks guys. Spoke to Aaron today and this is to be discussed a little more during your call this week. Please let me know how that goes.
Best, Arastoo
On Sat, Nov 26, 2016 at 6:49 PM, Rufus Pollock notifications@github.com wrote:
@aaronkaplan https://github.com/aaronkaplan doing option 2 will be a bit of a pain in that you will no longer get continuous deployment without some effort to do a build and then push of built html to the the web server you set up (as a) this is not something we had anticipated doing b) you'd need push access to the server I'd anticipate this is something you or moto or similar would then be doing which is probably a pain for you guys).
I therefore suggest we try something like option 1. We don't have to use cloudflare AFAICT. Other options include using AWS and cloudfront: https://news.ycombinator.com/item?id=10983245 and then e.g. http://strd6.com/2016/02/github-pages-custom-domain-with-ssltls/. Most of these are pretty simple and give you full control over the SSL etc.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cybergreen-net/pm/issues/53#issuecomment-263093004, or mute the thread https://github.com/notifications/unsubscribe-auth/AVHzVKq1bXbRLHuH9Ry84qLIREc_gjydks5rCMWUgaJpZM4KeCjt .
rufuspollock
commented
7 years ago @ataslim: @aaronkaplan is going to get the cloudflare account and set this up (as should be "owned" by CG here). We can help wherever necessary.
rufuspollock
commented
7 years ago @aaronkaplan are you ok to do this? I think it is high priority. Maybe we could help you in doing this 😄 (or take it on in some way?)
aaronkaplan
commented
7 years ago Let's talk on the phone / call shortly. I'll be online soon again.
Mobile
On 16 Jan 2017, at 19:11, Rufus Pollock notifications@github.com wrote:
@aaronkaplan are you ok to do this? I think it is high priority. Maybe we could help you in doing this 😄 (or take it on in some way?)
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
ataslim
commented
7 years ago What was the decision here?
aaronkaplan
commented
7 years ago On 27 Jan 2017, at 15:00, ataslim notifications@github.com wrote:
What was the decision here?
nothing yet :(
Can you please push this forward with Atomatic?
I can offer a server which will host the page and will brilliantly and nicely work with proper SSL certificates and get a "A" rating on ssllabs.com
ataslim
commented
7 years ago What are the implications of a switch? How easy is the switch? Any downtime? What's the cost? How does that cost compare with cloudfare?
rufuspollock
commented
7 years ago @ataslim switching to @aaronkaplan server is not really an option. The best solution is cloudflare I think as outlined above. We need an account on cloudflare. I can help you set this up and if we can get access we can configure for you.
ataslim
commented
7 years ago Ok and in your opinion would the free plan suffice for our needs? https://www.cloudflare.com/plans/
On Fri, Jan 27, 2017 at 10:05 AM, Rufus Pollock notifications@github.com wrote:
@ataslim https://github.com/ataslim switching to @aaronkaplan https://github.com/aaronkaplan server is not really an option. The best solution is cloudflare I think as outlined above. We need an account on cloudflare. I can help you set this up and if we can get access we can configure for you.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cybergreen-net/pm/issues/53#issuecomment-275686149, or mute the thread https://github.com/notifications/unsubscribe-auth/AVHzVKdSCOYGiDUGLvh8f3363csaj-JDks5rWge0gaJpZM4KeCjt .
aaronkaplan
commented
7 years ago Why not? Are we now tied to different cloud services? Not a good plan.
Mobile
On 27 Jan 2017, at 16:05, Rufus Pollock notifications@github.com wrote:
@ataslim switching to @aaronkaplan server is not really an option. The best solution is cloudflare I think as outlined above. We need an account on cloudflare. I can help you set this up and if we can get access we can configure for you.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or mute the thread.
aaronkaplan
commented
7 years ago On 27 Jan 2017, at 15:07, ataslim notifications@github.com wrote:
What are the implications of a switch? How easy is the switch? Any downtime? What's the cost? How does that cost compare with cloud fare?
From my side there are no real costs involved. However, I'd first need to understand the workflow of pushing a page to heroku/a web server. That's an implicit requirement by using herokuapp and all the tool stack which Atomatic uses. If the tools run on a simple web server just as well, it would be rather easy IMHO.
-> Need to discuss with Rufus.
aaronkaplan
commented
7 years ago On 27 Jan 2017, at 15:07, ataslim notifications@github.com wrote:
What are the implications of a switch? How easy is the switch? Any downtime? What's the cost? How does that cost compare with cloud fare?
From my side there are no real costs involved. However, I'd first need to understand the workflow of pushing a page to heroku/a web server. That's an implicit requirement by using herokuapp and all the tool stack which Atomatic uses. If the tools run on a simple web server just as well, it would be rather easy IMHO.
aaronkaplan
commented
7 years ago @rufus. Regarding your comment "@ataslim switching to @aaronkaplan server is not really an option." . It is an option.
rufuspollock
commented
7 years ago @aaronkaplan as i noted in chat we discussed this at some length back in Dec and decided on cloudflare option. Happy to discuss again 😄
zelima
commented
7 years ago Moving to backlog From current milestone for now
rufuspollock
commented
7 years ago Clearing assignee for time being.
aaronkaplan
commented
7 years ago By now twitter is making fun of us...
rufuspollock
commented
7 years ago FIXED. With DNS switch to cloudflare in #89 this now "just works" 😄 🎱
Accessing https://www.cybergreen.net/ gives SSL cert errors. The common name in the cert has been issued for github.com and related sites, not cybergreen.net.
Should verify cert status, or reconfigure if present.