Open dajinchu opened 5 years ago
100% agree. There is actually a setting in CloudFlare to do this too I just turned it on.
However, if we ever have an issue with certbot (eg. cert expires or something) we will have to turn this setting off to be able to connect to the site with http and to get a new cert.
We can also totally do this at nginx level too - certbot actually added some settings to the nginx config to redirect http to https.
Y'all could also investigate AWS Elastic application load balancer or other products for sure!
Plan is to use Elastic Beanstalk. Sub tasks:
[ ] Move Elasticsearch to own VM (done)
[ ] Make Travis directly index documents into Elasticsearch
[ ] Get rid of public JSONs, replace with a real API (can't serve these JSONs because Elastic Beanstalk applications reset the file system after new deployments. We could serve them via S3, but really it makes more sense just to offer an API to get all that data that is consistent with the class format we use in the search API) #101
No need to handle the http=>https at the express level. We should handle that at the NGINX level, which is separates concerns and would be more efficient.
Alternatively, we could also use AWS Elastic application load balancer which would handle the https redirect, as well as the entire SSL cert process. This would be an opportunity to reduce the complexity of our application code!