Enable https on the danse server #1827

Closed
butlerpd opened this issue Apr 25, 2021 · 4 comments
@butlerpd
Member

The Danse server needs to have a trusted certificate and https enabled. Browsers are getting increasingly wary of non-https sites. There are many services, not all SasView, using the server, but the SasView marketplace is one that does, for example. So does the old trac site. There may be more? Further, UTK, which hosts the machines, is cracking down on security issues.

Note that there are services that allow the obtaining of the HTTPS certificate for free. See for example:
https://linuxize.com/post/secure-nginx-with-let-s-encrypt-on-ubuntu-18-04/

Besides the certificate, it will need to be linked to the Apache web server we are using.

@bmaranville
Contributor

There is some kind of weird rate limit on certificates from Let's Encrypt, so if you have more than 5 sites you want to cover with one cert, it may take time. https://community.letsencrypt.org/t/maximum-number-of-sites-on-one-certificate/10634

@butlerpd
Member Author

That should not be a problem from what I can tell. However, the link at the top was for nginx. This gives the instructions for using certbot to automate the install and renewal using the Apache web server and Ubuntu 20.04 LTS (danse 2):
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04

@butlerpd butlerpd self-assigned this May 27, 2021
@butlerpd
Member Author

butlerpd commented Jun 5, 2021

Current status:

  • NOTE: the main www website is hosted on GitHub under github.io and has already had https enforced. However, the Sphinx documentation has to be served from a different repo because of conflicts with using Jekyll. That repo has now also been set to enforce https as part of resolving this issue.
  • danse2 is now set up with a certificate from Let's Encrypt with auto renew.
  • new.smallangles.net is currently the only service registered.
  • As soon as @krzywon finishes with his work on the marketplace and @butlerpd finishes with the canSAS services move to danse2, those will be added to the certificate.

At that point we should consider this ticket closed. I don't think we should try to add https certification to dans1, which is still running LTS 14! Instead, we should be executing on the server upgrade project described in issue SasView/sasmeta#7, and in particular for this topic under phase II of the wiki pages for upgrading our servers, by moving all services off of danse, which can then have new drives installed and be upgraded to the latest Ubuntu.

@lucas-wilkins
Contributor

"At that point we should consider this ticket closed." ---->
