Secure all references #2
Conversation
Thanks!
Probably just ignorance. @aterrel do you know the best way to do this? |
|
Looked into it a tiny bit more (not being familiar with Read the Docs myself), and it looks like automatic redirection is not actually supported (but is a common request): readthedocs/readthedocs.org#4641 -- too bad. |
|
FYI (and hope you don't mind): I ended up writing an HTTPS Everywhere ruleset -- EFForg/https-everywhere#17647 -- this way users of that browser add-on will be able to take advantage of the fact that all the pages are securable. This will then be mostly redundant if the readthedocs request is ever closed and you set up automatic redirects. |
|
I recommend making all references in your docs go to “//foo.dask.org” which I believe is the syntax in html for keeping the same protocol as the host url. One can create a page rule in cloudflare, but you only get 3 and then it’s $5 a month for 5 rules. So at the point you need 10 rules cheaper to just manage your own ngnix host on ec2. |
|
@aterrel Apologies in advance if I'm not following and this is just noise. Here, as I understand, the Cloudflare-managed certs are provisioned automatically (and for free) by Read The Docs. If that's he case, is it still possible for other parties (Dask in this case) to modify/add the relevant rules?
|
|
Ping @aterrel Also, I'd be happy to pay the $5/month to have dask be https by default everywhere without having to manage a box on ec2. |
|
@fuglede Cloudflare-managed certs are automatically created by Cloudflare not Read The Docs. Cloudflare then terminates the ssl connection and forwards http connection to ReadTheDocs. Cloudflare allows you to modify any redirect rules you like. |
|
Let me know who wants to manage your cloudflare account and I can add you. |
|
Well it looks like I was thinking about other things on cloudflare. For docs.dask.org it only acts as an alias so https is entirely managed by readthedocs.
|
|
so seems like I still have to set up redirects on cloudflare, as the RTD custom domain https doesn't do them. |
|
I also added a redirect rule for docs.dask.org will wait to see if that works. |
This is part PR, part question.
First of all, we secure all references to docs.dask.org and ml.dask.org, changing http to https in the cases where https wasn't already used.
I went through various randomly picked parts of https://docs.dask.org to make sure that this wouldn't cause any issues with mixed content and everything seems alright. I do wonder, though, if there's then any reason why the various dask.org subdomains do not automatically redirect to https like dask.org itself does?