Closed jimmythompson closed 2 years ago
@jimmythompson can we fix this? We have quite a lot of repos which point at the short form of the name (including for example in submodules).
Any update on when this will be fixed? Myself and a lot of other volunteers use the short URL.
It seems to still point at gcloud.
The DNS for srobo.org was in Linode and (I think) still pointed at our previous Google k8s setup.
I've changed this so that the nameservers for srobo.org are now Digital Ocean and I've (manually) added srobo.org to Digital Ocean. It's still not really working as you now get a certificate error, however that's a lot more fixable.
@RealOrangeOne I think you expressed an interest in sorting the certificate?
An alternative would be to have our proxy return a redirect from srobo.org to studentrobotics.org first, rather than to https://srobo.org. Not sure if we've got HSTS preload on the domain though.
> An alternative would be to have our proxy return a redirect from srobo.org to studentrobotics.org first, rather than to https://srobo.org. Not sure if we've got HSTS preload on the domain though.
Ok, looks like neither of our domains are in the HSTS preload lists according to https://hstspreload.com/. Therefore I think we should be fine to use this approach for now. Longer term I definitely think we should get srobo.org a proper cert, but working > perfect.
Our current setup has a DigitalOcean load balancer doing TLS termination. Unfortunately they only support provisioning 1 cert per LB, and only 1 root domain per cert, meaning we'd need an additional LB.
I suspect the best way to support this would be to drop our use of k8s for deploying the website reverse proxy, and move it to a small droplet, which can deal with its own TLS termination.
```
$ curl -I https://srobo.org
HTTP/2 302
server: nginx/1.18.0 (Ubuntu)
date: Wed, 23 Feb 2022 23:13:01 GMT
content-type: text/html
content-length: 154
location: https://studentrobotics.org/
strict-transport-security: max-age=15768000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
```
Doesn't lead anywhere, and times out.
The DNS settings for this are still in Linode, and are probably worth porting here.