GithubHelp home page GithubHelp logo

Comments (12)

strugee avatar strugee commented on August 22, 2024 1

@yeehi I am a big fan of Let's Encrypt. Big fan (see for example pump-io/pump.io#1259). However the issue here is that the website is hosted through GitHub Pages so none of us control the origin server.

Also, FWIW, there are other organizations besides the EFF involved in Let's Encrypt! See this list :)

See also isaacs/github#156 (but do NOT leave a +1 comment there; that thread has far too many of those anyway)

from pump-io.github.io.

war59312 avatar war59312 commented on August 22, 2024 1

This is pretty easy.

How to serve a custom HTTPS domain on GitHub Pages with CloudFlare: FREE, secure and performant by default: https://gist.github.com/cvan/8630f847f579f90e0c014dc5199c337b

from pump-io.github.io.

strugee avatar strugee commented on August 22, 2024

Okay, here's what this needs from Evan:

  1. Confirm that Cloudflare's DNS record importer actually got all the DNS records. I have two A records pointing to GitHub Pages, a CNAME pointing www at the root domain, and an MX on the root domain (all with automatic TTL). If there's any other records ping me and I'll add them into Cloudflare.
  2. (Assuming the DNS records are okay) change the registrar nameservers to brett.ns.cloudflare.com and miki.ns.cloudflare.com

I've set up Cloudflare in advance so it'll just roll over with no downtime.

from pump-io.github.io.

strugee avatar strugee commented on August 22, 2024

I probably should've cc'd @evanp :D

Whoops.

Opportunistic encryption will kick in immediately, which is already a win, but in order to enable full HTTPS we need to wait a bit for TLS certificates to roll out. So I'll need to manually flip on the HTTP -> HTTPS redirection.

from pump-io.github.io.

strugee avatar strugee commented on August 22, 2024

FWIW I've also whitelisted access from Tor, which is something Cloudflare is known to handle problematically.

from pump-io.github.io.

yeehi avatar yeehi commented on August 22, 2024

@strugee

Could this bug be fixed by using certificates from https://letsencrypt.org ? You might already know that this service was graciously provided by the EFF (Electronic Frontier Foundation).

from pump-io.github.io.

evanp avatar evanp commented on August 22, 2024

OK, I tried to do this, but I've got a problem getting into the account on 101domain that has the pump.io domain on it. It's registered to [email protected], and I sold the status.net domain last year!

They're sending me some confirmation info, but until then I can just copy over the A & MX records to the Rackspace DNS manager, where pump.io is being handled right now. Sound good?

from pump-io.github.io.

yeehi avatar yeehi commented on August 22, 2024

@strugee - There are many in the Free software community who object to CloudFlare for several reasons. (It could be considered a sort of proxy for the internet/Google, also there are censorship concerns behind using it.

If something like CloudFlare must be used for some reason, a couple of alternatives to consider would be PerimeterX:

https://www.perimeterx.com/

https://www.incapsula.com/

https://www.netlify.com/

from pump-io.github.io.

yanalunaterra avatar yanalunaterra commented on August 22, 2024

@strugee: https://blog.github.com/2018-05-01-github-pages-custom-domains-https/

from pump-io.github.io.

strugee avatar strugee commented on August 22, 2024

@yegortimoshenko heh, I'm aware, thanks to isaacs/github#156 :)

Right now we need @evanp to recover control of the pump.io domain.

from pump-io.github.io.

strugee avatar strugee commented on August 22, 2024

Or, I guess he can still update A records? I'll ping him on IRC soon.

from pump-io.github.io.

yanalunaterra avatar yanalunaterra commented on August 22, 2024

https://pump.io does listen on HTTPS port, but sends wrong certificate:

$ curl https://pump.io
curl: (60) SSL: no alternative certificate subject name matches target host name 'pump.io'
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Here's the certificate that GitHub tries to use:

* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=*.github.com
*  start date: Mar 20 00:00:00 2017 GMT
*  expire date: Apr  7 12:00:00 2020 GMT
*  subjectAltName does not match pump.io

I think the solution is to follow step 4 here: https://help.github.com/articles/setting-up-an-apex-domain/#configuring-a-records-with-your-dns-provider

  1. Add your custom domain to your GitHub Pages site. If you're updating the IP address of an existing A record, first remove and then re-add your custom domain to the repository you’re using to publish your Pages site to trigger the process of enabling HTTPS. For more information, see "Adding or removing a custom domain for your GitHub Pages site."

It means that it should be enough to just remove CNAME file and then add it back. @strugee maybe that's a good plan, provided that you have push access?

from pump-io.github.io.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.