search

mvdoc / psiturk-docker

A docker-compose configuration file to run psiturk with MySQL support and a NGINX reverse proxy.
Apache License 2.0
8 stars 3 forks source link

Add certbot to get https #8

Open twiecki opened 6 years ago

twiecki commented 6 years ago

Seems like it's pretty simple to server ones experiments behind SSL using Let's Encrypt. There's also a docker container: https://github.com/staticfloat/docker-nginx-certbot

Do you think that would be feasible? I might work on this and could submit a PR if you think that's interesting.

mvdoc commented 6 years ago

I always resorted using psiturk's adserver, but indeed it would be nice to have a way of posting ads on its own. Honestly, I don't have enough working knowledge of NGINX and Let's Encrypt to know what issues might arise (if any). I think @adamliter and @deargle know much more about this.

I'd be happy to see a PR for this.

Thanks, Matteo

deargle commented 6 years ago

I just use heroku, which gives you https for free / automatically, and which has reverse proxying built in.

On Tue, Jan 16, 2018, 8:55 AM Matteo Visconti di Oleggio Castello < notifications@github.com> wrote:

I always resorted using psiturk's adserver, but indeed it would be nice to have a way of posting ads on its own. Honestly, I don't have enough working knowledge of NGINX and Let's Encrypt to know what issues might arise (if any). I think @adamliter https://github.com/adamliter and @deargle https://github.com/deargle know much more about this.

I'd be happy to see a PR for this.

Thanks, Matteo

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mvdoc/psiturk-docker/issues/8#issuecomment-358008630, or mute the thread https://github.com/notifications/unsubscribe-auth/ABHsfdU20OOC1RiZr6CJ1LE9zIVY_nJ9ks5tLMZygaJpZM4ReuBH .

adamliter commented 6 years ago

@mvdoc This isn't just a matter of the adserver. If you want to host your own adserver, then yes, you definitely need to accept HTTPS traffic, since Amazon won't show ads over HTTP. (There's some discussion of this in the psiTurk docs.)

However, even if you use the psiTurk adserver, your actual experiment isn't necessarily accessed over HTTPS, unless you've set up whatever server is serving your experiment to accept/send HTTPS traffic.

For the moment, this isn't necessarily a problem, but as browsers seem to be getting more serious about warning against (and perhaps eventually blocking by default) HTTP traffic, this could become a problem if your actual experiment isn't served over HTTPS.

As @deargle says, one option is to host on a service that sets up HTTPS for you (such as Heroku). But if you're not using such a service, then, in the long run, having HTTPS for your experiment would be good and perhaps eventually necessary. (This is what I do with Linode. Though I haven't used the certbot Docker container, I do use certbot/Let's Encrypt for my SSL certificates.)

I'd be happy to take a look at a PR if you're open to it and if @twiecki submits it, but my time is a bit limited at the moment.