Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Druid project website is not secure #372

Open
leerho opened this issue Jan 23, 2017 · 3 comments
Open

Druid project website is not secure #372

leerho opened this issue Jan 23, 2017 · 3 comments

Comments

@leerho
Copy link

leerho commented Jan 23, 2017

Attempting to reference pages of the website using https:// will fail. Example:

datasketches-aggregators

Many corporations are now requiring browsers automatically block non-secure sites.

I suggest the Druid team place a priority on getting this fixed.
@gianm
Copy link
Member

gianm commented Jan 23, 2017

This is because it is hosted on github pages, which doesn't support https for custom domains: https://help.github.com/articles/securing-your-github-pages-site-with-https/. Fwiw http://static.druid.io/ (where we release artifacts) doesn't support https either, since it's hosted on S3 which also doesn't support https for custom domains. CloudFront does though.

At Imply we moved https://imply.io/ from github pages to self hosting on EC2, and https://static.imply.io/ from S3 to CloudFront so we could support https on both. We'd happy to help out with migrating druid.io and static.druid.io as well. That could just mean sharing what we did to migrate our domains, but we would also be happy to do the work ourselves and donate the servers and bandwidth for hosting.

@gianm
Copy link
Member

gianm commented Jan 24, 2017

Some notes on what should work for the two druid.io domains, based on what worked for us:

static.druid.io

  • S3 bucket can stay static.druid.io
  • Set up an SSL cert using AWS Certificate Manager
  • Set up a CloudFront distribution using that cert, with CNAME static.druid.io, and HTTP and HTTPS behaviors
  • Set up an ALIAS record in Route 53 from static.druid.io to the CloudFront distribution

This procedure is pretty straightforward, so we might as well do it first. This domain hosts our release artifacts, so that'll at least give people confidence that the distribution is being downloaded securely.

druid.io

  • Set up an S3 bucket that will hold the static content for the site
  • Write a script that does bundle exec jekyll build and uploads the generated content to the S3 bucket, & run it either manually or automatically
  • For hosting there are a couple options: either CloudFront (similar to static.druid.io) or self-hosting with nginx on EC2. We can use AWS Certificate Manager certs either way, since with self-hosting we can still use ELB to terminate SSL.

Some reasons we might want to not choose CloudFront for druid.io:

The reason in favor of CloudFront is obvious, it's simpler than setting up EC2 instances.

@gianm gianm mentioned this issue Feb 13, 2017
Closed
5 tasks
@yuppie-flu
Copy link

Github now supports SSL for github pages with custom domains:
https://blog.github.com/2018-05-01-github-pages-custom-domains-https/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gianm @yuppie-flu @leerho