[geomoose-psc] https for geomoose.org

Eli Adam eadam at co.lincoln.or.us
Fri May 26 16:29:04 PDT 2017 

On Thu, May 25, 2017 at 7:23 PM, Jim Klassen <klassen.js at gmail.com> wrote:
> Looks like the "OpenStreetMap - Black and White" layer is the only one
> that isn't available over https.  I have updated the rest of the
> externally referenced layers in master as well as the google maps API
> and copied the foss4g2017 logo internally.

Looks like this was for 2.# demo, not 3.0.

Eli

>
>
> On 05/25/2017 06:51 PM, Eli Adam wrote:
>> On Thu, May 25, 2017 at 4:53 AM, Dan Little <theduckylittle at gmail.com> wrote:
>>> Sorry this is only a partial answer...
>>>
>>> We can move almost all of that stuff to schemaless urls.  Simply remove
>>> "http:" from the URL and they'll automatically switch between http and
>>> https.
>>>
>>> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <klassen.js at gmail.com> wrote:
>>>> I have enabled https on the *.geomoose.org sites.  Besides generally
>>>> being considered a good idea lately, and Let's Encrypt making it trivial
>> Yes, good to use https, also if we use https, that is useful testing
>> for people who want to run with https.
>>
>> Let's Encrypt is good but we need to have our automated renewal
>> working well.  Some sites seem to never figure that out and are always
>> down because of it.
>>
>>>> and free to do so, the motivation is that some features in GeoMoose 3.0,
>>>> most notably the "Find Me", are blocked by Chrome if they don't
>>>> originate from an a site served by https.
>>>>
>>>> This does cause some warnings and blocking now from pulling things in
>>>> from non-https external sites.
>>>>
>>>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>>>> have found.  We could self host as an easy work around.
>> Seems that this should be hosted on http://2017.foss4g.org/ but that
>> isn't https either.
>>
>>>> The Google maps API in 2.x is pulled in using
>>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>>> //maps.googleapis.com).
>>>>
>>>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>>>
>>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>>>
>>>> Weather Radar is pulled in using http.
>>>>
>>>> These will require a patches to all the active 2.x series branches so
>>>> they are picked up in the demo.
>>>>
>>>> There is probably more, but this is what I found in a quick test.  I
>>>> haven't checked if the remote sites are available over https or not.  If
>>>> they are not, are the mixed-content warnings acceptable?
>> If we are demonstrating an https instance, that doesn't really do it.
>>
>>>> Other thoughts?
>> https is sometimes slower which could make the demo look slow but it
>> still seems plenty fast to me testing (although with many images http
>> that isn't really testing anything).
>>
>> Thanks for doing this Jim.
>>
>> Eli
>>
>>>> _______________________________________________
>>>> geomoose-psc mailing list
>>>> geomoose-psc at lists.osgeo.org
>>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>>
>>>
>>> _______________________________________________
>>> geomoose-psc mailing list
>>> geomoose-psc at lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>

More information about the geomoose-psc mailing list