[geomoose-psc] https for geomoose.org

Eli Adam eadam at co.lincoln.or.us
Thu May 25 16:51:27 PDT 2017 

On Thu, May 25, 2017 at 4:53 AM, Dan Little <theduckylittle at gmail.com> wrote:
> Sorry this is only a partial answer...
>
> We can move almost all of that stuff to schemaless urls.  Simply remove
> "http:" from the URL and they'll automatically switch between http and
> https.
>
> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <klassen.js at gmail.com> wrote:
>>
>> I have enabled https on the *.geomoose.org sites.  Besides generally
>> being considered a good idea lately, and Let's Encrypt making it trivial

Yes, good to use https, also if we use https, that is useful testing
for people who want to run with https.

Let's Encrypt is good but we need to have our automated renewal
working well.  Some sites seem to never figure that out and are always
down because of it.

>> and free to do so, the motivation is that some features in GeoMoose 3.0,
>> most notably the "Find Me", are blocked by Chrome if they don't
>> originate from an a site served by https.
>>
>> This does cause some warnings and blocking now from pulling things in
>> from non-https external sites.
>>
>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>> have found.  We could self host as an easy work around.

Seems that this should be hosted on http://2017.foss4g.org/ but that
isn't https either.

>>
>> The Google maps API in 2.x is pulled in using
>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>> //maps.googleapis.com).
>>
>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>
>> ArcGIS 9.3 Rest Example is pulled in using http.
>>
>> Weather Radar is pulled in using http.
>>
>> These will require a patches to all the active 2.x series branches so
>> they are picked up in the demo.
>>
>> There is probably more, but this is what I found in a quick test.  I
>> haven't checked if the remote sites are available over https or not.  If
>> they are not, are the mixed-content warnings acceptable?

If we are demonstrating an https instance, that doesn't really do it.

>>
>> Other thoughts?

https is sometimes slower which could make the demo look slow but it
still seems plenty fast to me testing (although with many images http
that isn't really testing anything).

Thanks for doing this Jim.

Eli

>>
>> _______________________________________________
>> geomoose-psc mailing list
>> geomoose-psc at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>
>
>
> _______________________________________________
> geomoose-psc mailing list
> geomoose-psc at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/geomoose-psc

More information about the geomoose-psc mailing list