[Qgis-psc] Encrypting qgis sites

Tim Sutton tim at kartoza.com
Sun Nov 15 10:15:44 PST 2015 

Hi

> On 15 Nov 2015, at 18:46, Richard Duivenvoorde <richard at duif.net> wrote:
> 
> On 15-11-15 16:37, Tim Sutton wrote:
>> Hi
>> 
>>> On 15 Nov 2015, at 17:16, Paolo Cavallini <cavallini at faunalia.it
>>> <mailto:cavallini at faunalia.it>> wrote:
>>> 
>>> Hi all,
>>> what is the current state of encryption in our websites?
>>> Has someone experience with https://letsencrypt.org/howitworks/ ?
>>> Should we go down this route? I have seen some criticism about it, but
>>> overall it seems an improvement over the usual approach.
>> 
>> I’ve been watching it from the side lines - last I checked the certs
>> were not available for general consumption - maybe that is changed now…
>> 
>> I think in principle we should encrypt everything we possibly can….
> 
> I renewed our (free) certificate some months ago, and put it on our servers.
> 
> We only do https for hub.qgis.org and plugin.qgis.org login at the moment.
> 
> Not sure if we should/could encrypt everything. Already now sites are
> pretty slow. I think encrypting all would even ask more resources.

I don’t think SSL encryption adds much overhead on a modern system. See e.g. http://stackoverflow.com/questions/548029/how-much-overhead-does-ssl-impose

> Not sure what the benefit is of encrypting the documentation traffic though.

The benefit is us moving to a world where the standard is an encrypted internet with less opportunity for identity theft, deep mining of user data by nefarious government agencies etc. I think this is a basic premise of lets encrypt - to try to say ‘there is no longer any reason NOT to encrypt everything anymore’.

> 
> One of the plans is to use (at least for qgis.org and docs.qgis.org ==
> static stuff) to start useing cloudflare. Only need time or someone to
> set this up.

I can help with that - there is not much to do really - we point our name servers over to cloud flare rather than go-daddy, ensure that all the dos entries are migrated properly and then select which services we want to be CDN backed by clicking a little icons next to each DNS entry. They also provide some nice stuff lime DDOS protection, blacklisting IP’s etc.

Regards

Tim

> 
> Regards,
> 
> Richard Duivenvoorde
> 
> _______________________________________________
> Qgis-psc mailing list
> Qgis-psc at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-psc

—





Tim Sutton

Visit http://kartoza.com <http://kartoza.com/> to find out about open source:

* Desktop GIS programming services
* Geospatial web development
* GIS Training
* Consulting Services

Skype: timlinux Irc: timlinux on #qgis at freenode.net
Tim is a member of the QGIS Project Steering Committee

Kartoza is a merger between Linfiniti and Afrispatial

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20151115/6a6d3df3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: KartozaLogo160x66.png
Type: image/png
Size: 9324 bytes
Desc: not available
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20151115/6a6d3df3/attachment.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.osgeo.org/pipermail/qgis-psc/attachments/20151115/6a6d3df3/attachment.sig>

More information about the Qgis-psc mailing list