[geomoose-psc] https for geomoose.org

Jim Klassen klassen.js at gmail.com
Thu May 25 19:23:37 PDT 2017 

Looks like the "OpenStreetMap - Black and White" layer is the only one
that isn't available over https.  I have updated the rest of the
externally referenced layers in master as well as the google maps API
and copied the foss4g2017 logo internally.


On 05/25/2017 06:51 PM, Eli Adam wrote:
> On Thu, May 25, 2017 at 4:53 AM, Dan Little <theduckylittle at gmail.com> wrote:
>> Sorry this is only a partial answer...
>>
>> We can move almost all of that stuff to schemaless urls.  Simply remove
>> "http:" from the URL and they'll automatically switch between http and
>> https.
>>
>> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <klassen.js at gmail.com> wrote:
>>> I have enabled https on the *.geomoose.org sites.  Besides generally
>>> being considered a good idea lately, and Let's Encrypt making it trivial
> Yes, good to use https, also if we use https, that is useful testing
> for people who want to run with https.
>
> Let's Encrypt is good but we need to have our automated renewal
> working well.  Some sites seem to never figure that out and are always
> down because of it.
>
>>> and free to do so, the motivation is that some features in GeoMoose 3.0,
>>> most notably the "Find Me", are blocked by Chrome if they don't
>>> originate from an a site served by https.
>>>
>>> This does cause some warnings and blocking now from pulling things in
>>> from non-https external sites.
>>>
>>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>>> have found.  We could self host as an easy work around.
> Seems that this should be hosted on http://2017.foss4g.org/ but that
> isn't https either.
>
>>> The Google maps API in 2.x is pulled in using
>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>> //maps.googleapis.com).
>>>
>>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>>
>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>>
>>> Weather Radar is pulled in using http.
>>>
>>> These will require a patches to all the active 2.x series branches so
>>> they are picked up in the demo.
>>>
>>> There is probably more, but this is what I found in a quick test.  I
>>> haven't checked if the remote sites are available over https or not.  If
>>> they are not, are the mixed-content warnings acceptable?
> If we are demonstrating an https instance, that doesn't really do it.
>
>>> Other thoughts?
> https is sometimes slower which could make the demo look slow but it
> still seems plenty fast to me testing (although with many images http
> that isn't really testing anything).
>
> Thanks for doing this Jim.
>
> Eli
>
>>> _______________________________________________
>>> geomoose-psc mailing list
>>> geomoose-psc at lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>
>>
>> _______________________________________________
>> geomoose-psc mailing list
>> geomoose-psc at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc

More information about the geomoose-psc mailing list