Closed cwilkers closed 11 months ago
@cwilkers If I am not wrong, we use Netlify right? so I guess we have to make this change in the Netlify dashboard itself, and if we use GitHub pages, we can enforce https from the GitHub pages section in the repo settings 😶
@adithyaakrishna Yes, we do use netlify... I don't recall seeing a control for http/https in the UI, but I could have missed it.
@aburdenthehand could you check to see if this is an easy checkbox kind of thing to do?
@cwilkers Do we have an SSL certificate by Let's Encrypt issued on netlify? I manage a domain for an NGO and here's how the HTTPS settings look like
We also can force redirect using a netlify config file, netlify.toml
Ref Link: https://docs.netlify.com/configure-builds/file-based-configuration/#redirects
Also, do we have the Enforce HTTPS option enabled for GitHub Pages? Here it is enabled by default but if we are using a custom domain (which in case of kubevirt, I guess we are) we might have to enable this too
On Tue, Mar 21, 2023 at 7:12 AM Adithya Krishna @.***> wrote:
@cwilkers https://github.com/cwilkers Do we have an SSL certificate by Let's Encrypt issued on netlify? I manage a domain for an NGO and here's how the HTTPS settings look like
Yes, that part is set up through Netlify correctly (I didn't set it up, but I have access to our netlify)
We also can force redirect using a netlify config file, netlify.toml Ref Link: https://docs.netlify.com/configure-builds/file-based-configuration/#redirects
Ah, thank you for that link, I'll go check...
Hmm, having checked, I think this is more complicated than a quick checkbox setting. Our site is in two parts, kubevirt.io and kubevirt.io/user-guide. These are two separate repos, under the same domain name. Neither site is officially telling netlify that its domain name is kubevirt.io, so netflify is not handling the "custom domain" features. I would want to talk to support at Netlify to see how to proceed, lest I accidentally turn on something that drops half our site from the net. :-) ((and right before KubeVirt summit, I might add!))
Also, do we have the Enforce HTTPS option enabled for GitHub Pages? Here it is enabled by default but if we are using a custom domain (which in case of kubevirt, I guess we are) we might have to enable this too
[image: Screenshot 2023-03-21 at 5 41 06 PM] https://user-images.githubusercontent.com/23498248/226602084-cb05812e-54c8-4e77-994f-9aa880552314.png
I think because we're using netlify to deploy, the github pages functionality is not used. Does my thinking here make sense?
— Reply to this email directly, view it on GitHub https://github.com/kubevirt/kubevirt.github.io/issues/884#issuecomment-1477732234, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFKRM4XLLYXW63HIKCQLL53W5GLKJANCNFSM6AAAAAATVVDDGY . You are receiving this because you were mentioned.Message ID: @.***>
-- Chandler Wilkerson, RHCE, CKA Sr. Software Engineer
Red Hat
It took going to DNS, but now I understand better what's going on with the website. We are using Gh-pages, so it is worth checking that the enforce https setting is enabled in both repos. I don't have admin access on either repo, so I will follow up with those who do. Also, we may need a PR to handle examples that currently pull from http for things like our example VM, etc.
On Tue, Mar 21, 2023 at 9:46 AM Chandler Wilkerson @.***> wrote:
On Tue, Mar 21, 2023 at 7:12 AM Adithya Krishna @.***> wrote:
@cwilkers https://github.com/cwilkers Do we have an SSL certificate by Let's Encrypt issued on netlify? I manage a domain for an NGO and here's how the HTTPS settings look like
Yes, that part is set up through Netlify correctly (I didn't set it up, but I have access to our netlify)
We also can force redirect using a netlify config file, netlify.toml Ref Link: https://docs.netlify.com/configure-builds/file-based-configuration/#redirects
Ah, thank you for that link, I'll go check...
Hmm, having checked, I think this is more complicated than a quick checkbox setting. Our site is in two parts, kubevirt.io and kubevirt.io/user-guide. These are two separate repos, under the same domain name. Neither site is officially telling netlify that its domain name is kubevirt.io, so netflify is not handling the "custom domain" features. I would want to talk to support at Netlify to see how to proceed, lest I accidentally turn on something that drops half our site from the net. :-) ((and right before KubeVirt summit, I might add!))
Also, do we have the Enforce HTTPS option enabled for GitHub Pages? Here it is enabled by default but if we are using a custom domain (which in case of kubevirt, I guess we are) we might have to enable this too
[image: Screenshot 2023-03-21 at 5 41 06 PM] https://user-images.githubusercontent.com/23498248/226602084-cb05812e-54c8-4e77-994f-9aa880552314.png
I think because we're using netlify to deploy, the github pages functionality is not used. Does my thinking here make sense?
— Reply to this email directly, view it on GitHub https://github.com/kubevirt/kubevirt.github.io/issues/884#issuecomment-1477732234, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFKRM4XLLYXW63HIKCQLL53W5GLKJANCNFSM6AAAAAATVVDDGY . You are receiving this because you were mentioned.Message ID: @.***>
-- Chandler Wilkerson, RHCE, CKA Sr. Software Engineer
Red Hat
-- Chandler Wilkerson, RHCE, CKA Sr. Software Engineer
Red Hat
@cwilkers As you can see Netlify a risk in the CICD chain for many reasons so it's use should be limited to the preview job only. Prow script handles the production build and branch to gh-pages. GitHub serves from branch gh-pages.
gh-pages can be cranky tho. See this stackoverflow link - https://stackoverflow.com/questions/54817253/github-pages-https-www-redirect
Tell Fabian to upgrade you and Andrew to maintainer for kubevirt.github.io and user-docs repo. That'll be a Prow thing. Prow is doing config management on all the KubeVirt GitHub projects.
@fabiand @dhiller Could we get the force HTTPS option turned on for both kubevirt.github.io and user-guide?
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
/lifecycle stale
Thanks to @brianmcarey, we have now enabled force HTTPS on GH for both kubevirt.github.io and user-guide repos. In our testing it is working as expected. (Tested in Firefox, Chrome, and Brave) Please raise a bug if you have experience to the contrary.
http://kubevirt.io/ should redirect to https://kubevirt.io/ but it currently does not.