HTTPS Contretemps

You’ve probably noticed that this page is not secured with HTTPS/SSL. I hopefully will rectify that soon but I’d like to point out some issues I’ve had with it.

  • SSL is pretty much required, I guess, for a serious web presence these days. (The legendary Flask microframework being the most notable exception.)
  • My understanding is that the SSL/TLS/HTTPS infrastructure depends on an IP address, so, as the laws of nature dictate, if you have something working it will eventually break, and due to the nature of HTTPS infrastructure it takes literally days of waiting for confirmations, receiving certificates, and whatnot. That pretty much compels you to use some sort of virtual load balancer to terminate your SSL connections if you don’t want days of downtime.
  • It’s kind of embarrassing to an extent that http://nouveaupg.com is not set up for using SSL even though it’s really an online manual. Still, my first priority when I get it back hosted on AWS (I mean it is hosted on AWS @ http://100.26.252.77/ but there is cached DNS pointing to the old server. Hopefully this doesn’t cause me many irate reviews) is to get https working there.
  • My newer project https://picoevent.io is written in Django (I’m actually hosting on Linode after becoming increasingly frustrated with AWS). Very easy to set up SSL to the load balancer. I have this configuration I’m trying where I have a Linode 4096 where I run the master DB and another Linode 2048 which is a slave DB and also runs the NGINX/uwsgi/Python stack.

This is the key part of your nginx config. Open port 80 on your software load balancer so that visitors who go to http://picoevent.io don’t get an error, then answer those requests with a 301 redirect to port 443 on the load balancer.

root /var/www/html;

# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;

server_name _;

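# The load balancer passes the visitor's original scheme in X-Forwarded-Proto;
# requests that arrived over plain HTTP are redirected to HTTPS.
if ($http_x_forwarded_proto = 'http') {
    return 301 https://$host$request_uri;
}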
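
The same redirect placed in a complete server block, as an added example that is not the author's own configuration: it names the site explicitly and accepts connections only from the load balancer, since X-Forwarded-Proto can be trusted only when the load balancer is the one setting it. Assumptions: the backend listens on port 80, and 192.0.2.10 is a placeholder for the load balancer's address.

```nginx
# Added example: backend server block behind a TLS-terminating load balancer.
# 192.0.2.10 is a placeholder (documentation range) for the load balancer's address.
server {
    listen 80;

    # Name the site explicitly instead of the catch-all "_", so the redirect
    # target below never comes from a client-supplied Host header.
    server_name picoevent.io;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    # X-Forwarded-Proto is only meaningful when the load balancer set it,
    # so accept connections from the load balancer alone.
    allow 192.0.2.10;
    deny all;

    # The load balancer forwarded a plain-HTTP request: send the visitor to HTTPS.
    if ($http_x_forwarded_proto = 'http') {
        return 301 https://picoevent.io$request_uri;
    }
}
```

After editing, `nginx -t` checks the syntax before the configuration is reloaded.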
