Support HTTPS in lobid - Githubissues

hbz / lobid

Linking Open Bibliographic Data

https://lobid.org/

Eclipse Public License 2.0

16 stars 4 forks source link

Support HTTPS in lobid #182

Closed acka47 closed 8 years ago

acka47 commented 9 years ago

Requested on 2015-06-26 by T. Scheffler who is working on the MIR repository software. They use lobid GND API for lookup of GND persons.

If we need some advice we can ask @jschnasse who has some experience with HTTPs for hbz services.

acka47 commented 9 years ago

We will go forward like this:

[x] get the SSL certificate
[x] implement https in https://github.com/hbz/lobid-organisations
[x] Implement https for GND API endpoint (http://lobid.org/subject and http://lobid.org/person) ([Comment @dr0i:]As far as I understand it SSL works domain wide, thus we can enable https for the whole lobid.org domain but not limit to folder)
[x] Implement https for NWBib
[ ] Discuss if http should be redirected to https
[ ] Discuss how to and make a plan to switch to https in lobid-resources.

akuckartz commented 9 years ago

:+1:

acka47 commented 9 years ago

Here is a site to analyze the configuration of an SSL-Server: https://www.ssllabs.com/ssltest/analyze.html As soon as we have a first implementation we can use this for testing.

dr0i commented 9 years ago

Deployed to http://test.lobid.org and https://beta.lobid.org/.

acka47 commented 9 years ago

It works – but doesn't get the best grades, see https://www.ssllabs.com/ssltest/analyze.html?d=http%3A%2F%2Ftest.lobid.org%2F

acka47 commented 9 years ago

Chromium says:

test-lobid-ssl

I would rather have it looking like oerworldmap:

oerworldmap-ssl

This is ok for now and can be deployed as it suffices for the initial request by T. Scheffler. We will discuss on Thursday when we will work on improving it.

dr0i commented 9 years ago

We could make https as default, not allowing http at all. This would it make easier to handle the vhost apache configs. But I would argue against that, especially because of the big downloads we provide, because caching is with https no more possible. For the discussion a little bit of context.

dr0i commented 9 years ago

Deployed to production. @acka47 please ping MIR repo.

acka47 commented 9 years ago

please ping MIR repo.

Did so. Closing.

dr0i commented 8 years ago

As reported by @jschnasse, the api-URL (api.lobid.org) is not ssl enabled. @fsteeg : do we need the api subdomain at all? If we could get rid of it , we should do so, and then update the documentation at https://lobid.org/api.

fsteeg commented 8 years ago

I don't think we need the api subdomain, and it already redirects to lobid.org, see: http://api.lobid.org

So I think all we need to do is to update the documentation. Deployed to staging: http://test.lobid.org/api

dr0i commented 8 years ago

Great :)