Page MenuHomeSoftware Heritage

Support HTTPS on gandi-hosted redirections
Open, NormalPublic

Description

Gandi web forwards, which we're using to redirect people from some domain names to the adequate web page, now support HTTPS.

There is a recurrent but very very slow stream of people wondering why https doesn't work on the domains where we're using these forwardings. As Gandi now supports it it makes sense to try to enable it.

Here are the currently enabled redirects :

The implementation of HTTPS redirects currently needs SSL certificate access on the Gandi interface. Apparently, only @rdicosmo has access to this on softwareheritage.org. I also have no idea about the billing implications.

All things considered, the most flexible solution very well may be putting these on a reverse-proxy that we're managing, rather than relying on Gandi.

Event Timeline

olasd triaged this task as Low priority.Feb 27 2019, 1:58 PM
olasd created this task.
olasd updated the task description. (Show Details)Feb 27 2019, 2:01 PM
olasd added a comment.Apr 1 2019, 5:39 PM

As an extra datapoint in favor of using our own reverse proxy, it seems that the IP address for gandi's web redirect thing is blacklisted by some ISPs in Russia: https://lists.gnu.org/archive/html/guix-devel/2019-04/msg00000.html

rdicosmo raised the priority of this task from Low to Normal.Aug 23 2019, 4:17 PM

It turns out we can create https redirection easily, ans Gandi provides free SSL certificates for single domain redirections on domains hosted by them.
This has been tested on the new http+https redirection from save.softwareheritage.org to https://archive.softwareheritage.org/save, and should now be put in place for all the other redirections.
@olasd, may you add the info on the account that has the proper right for this?