Comments (12)
DreamHost will issue free (with automatic updates) certs from let's encrypt: https://www.dreamhost.com/blog/2016/01/20/free-ssltls-certificates-at-dreamhost-with-lets-encrypt/
Even with this I still think it's worth adding cloudflare for the CDN-around-the-world bonus.
from docs.
@jess-edwards: Seems like this is something we'll need to coordinate with DivisionOf?
from docs.
We can do the cloudflare thing without talking to them at all, since it's DNS settings, and we control those (well, I hope we do).
from docs.
This has been on my plate. We also need to figure out the migration story for the blog; that may cause issues if we keep the blog and the rest of the site on separate hosts.
@jseldess: no DivisionOf involvement necessary, we have admin accounts on dreamhost and control the dns settings anyway.
from docs.
@mjibson @mberhault Why do we need to put https on the entire website? There's no login/user info and no financial information shared. Seems unnecessary but I'm open to hearing justification.
from docs.
There's login for the wordpress admin thing. We'll also have binaries at some point, and probably with a checksum listed on the website to verify third-party downloads; those should be behind SSL.
But in general, https is a good thing.
from docs.
@jess-edwards There's no technical reason we need HTTPS for the website. It does provide a reasonable amount of safety, though, if people are downloading binaries to run on their machine. If they are more certain that the link on the website and the binary it links to are served over HTTPS, the chance of it containing something bad is lower. This is all pretty theoretical, but possible.
A stronger reason is social. People developing web apps today who are considering cockroachdb are in the forefront of technology, and may well enjoy trying lots of new technologies. There has been lots of work in the HTTPS and crypto front lately (HTTP2, let's encrypt, cloudflare universal SSL, SHA1 deprecation, OpenSSL/BoringSSL, keybase.io) and so it is reasonable to assume these people simply value HTTPS. As in, they trust and value sites that allow HTTPS more than others. Supporting HTTPS is like waving a flag to these people that we get who they are and what they value, and we can help provide that. Rather, not having HTTPS is saying the opposite: that there's a big part of the things they value that we don't value, and thus haven't done.
from docs.
See this tweet from today, for example:
https://twitter.com/SwiftOnSecurity/status/704331207178190850
from docs.
It's important for pages that offer download links to be on HTTPS. It doesn't matter too much whether the entire site is HTTPS or not, but once we have HTTPS for part of it, why not all of it? HTTPS will probably actually speed things up since Chrome will only use HTTP/2 for HTTPS, and Google has said they plan to consider HTTPS as a positive sign in ranking. For comparison, mongodb and mysql's sites are all HTTPS, although rethinkdb and postgresql's are not.
If we're 100% HTTPS we can also use HSTS for extra security.
from docs.
I think we're all agreed then.
I enabled secure hosting with free certs from Let's Encrypt on dreamhost a few hours back, but we're still in that limbo where things haven't been pushed yet or they're broken. I'll keep checking.
from docs.
Sounds good to me.
from docs.
This is done, minus a few absolute image links still pointing to http, but I'm fixing those.
We now have https://www.cockroachlabs.com, which is automatically re-directed to when you hit any of http://www.cockroachlabs.com, http://cockroachlabs.com, or https://cockroachlabs.com
from docs.