[Qgis-psc] Encrypting qgis sites
Tim Sutton
tim at kartoza.com
Sun Nov 15 10:15:44 PST 2015
Hi
> On 15 Nov 2015, at 18:46, Richard Duivenvoorde <richard at duif.net> wrote:
>
> On 15-11-15 16:37, Tim Sutton wrote:
>> Hi
>>
>>> On 15 Nov 2015, at 17:16, Paolo Cavallini <cavallini at faunalia.it
>>> <mailto:cavallini at faunalia.it>> wrote:
>>>
>>> Hi all,
>>> what is the current state of encryption in our websites?
>>> Has someone experience with https://letsencrypt.org/howitworks/ ?
>>> Should we go down this route? I have seen some criticism about it, but
>>> overall it seems an improvement over the usual approach.
>>
>> I’ve been watching it from the side lines - last I checked the certs
>> were not available for general consumption - maybe that is changed now…
>>
>> I think in principle we should encrypt everything we possibly can….
>
> I renewed our (free) certificate some months ago, and put it on our servers.
>
> We only do https for hub.qgis.org and plugin.qgis.org login at the moment.
>
> Not sure if we should/could encrypt everything. Already now sites are
> pretty slow. I think encrypting all would even ask more resources.
I don’t think SSL encryption adds much overhead on a modern system. See e.g. http://stackoverflow.com/questions/548029/how-much-overhead-does-ssl-impose
> Not sure what the benefit is of encrypting the documentation traffic though.
The benefit is us moving to a world where the standard is an encrypted internet with less opportunity for identity theft, deep mining of user data by nefarious government agencies etc. I think this is a basic premise of lets encrypt - to try to say ‘there is no longer any reason NOT to encrypt everything anymore’.
>
> One of the plans is to use (at least for qgis.org and docs.qgis.org ==
> static stuff) to start useing cloudflare. Only need time or someone to
> set this up.
I can help with that - there is not much to do really - we point our name servers over to cloud flare rather than go-daddy, ensure that all the dos entries are migrated properly and then select which services we want to be CDN backed by clicking a little icons next to each DNS entry. They also provide some nice stuff lime DDOS protection, blacklisting IP’s etc.
Regards
Tim
>
> Regards,
>
> Richard Duivenvoorde
>
> _______________________________________________
> Qgis-psc mailing list
> Qgis-psc at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-psc
—
Tim Sutton
Visit http://kartoza.com <http://kartoza.com/> to find out about open source:
* Desktop GIS programming services
* Geospatial web development
* GIS Training
* Consulting Services
Skype: timlinux Irc: timlinux on #qgis at freenode.net
Tim is a member of the QGIS Project Steering Committee
Kartoza is a merger between Linfiniti and Afrispatial
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20151115/6a6d3df3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: KartozaLogo160x66.png
Type: image/png
Size: 9324 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20151115/6a6d3df3/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20151115/6a6d3df3/attachment.sig>
More information about the Qgis-psc
mailing list