Open leerho opened 7 years ago
This is because it is hosted on github pages, which doesn't support https for custom domains: https://help.github.com/articles/securing-your-github-pages-site-with-https/. Fwiw http://static.druid.io/ (where we release artifacts) doesn't support https either, since it's hosted on S3 which also doesn't support https for custom domains. CloudFront does though.
At Imply we moved https://imply.io/ from github pages to self hosting on EC2, and https://static.imply.io/ from S3 to CloudFront so we could support https on both. We'd happy to help out with migrating druid.io and static.druid.io as well. That could just mean sharing what we did to migrate our domains, but we would also be happy to do the work ourselves and donate the servers and bandwidth for hosting.
Some notes on what should work for the two druid.io domains, based on what worked for us:
static.druid.io
This procedure is pretty straightforward, so we might as well do it first. This domain hosts our release artifacts, so that'll at least give people confidence that the distribution is being downloaded securely.
druid.io
bundle exec jekyll build
and uploads the generated content to the S3 bucket, & run it either manually or automaticallySome reasons we might want to not choose CloudFront for druid.io:
The reason in favor of CloudFront is obvious, it's simpler than setting up EC2 instances.
Github now supports SSL for github pages with custom domains: https://blog.github.com/2018-05-01-github-pages-custom-domains-https/
Attempting to reference pages of the website using https:// will fail. Example:
datasketches-aggregators
Many corporations are now requiring browsers automatically block non-secure sites.
I suggest the Druid team place a priority on getting this fixed.