Hacker News
by mdewinter 3603 days ago
I'm behind https://cipherli.st, together with some friends. IMHO there is no reason not to have HTTPS everywhere, especially now that Let's Encrypt exists. I did think and discuss a lot with people about how 'strong' the page is, and whether we might want to change that. The page is targeted at sysadmins who I expect to do at least some research before bluntly copy-pasting config files from somewhere; there are enough warnings on the page.

I'm not normally someone who complains about other people's designs, but is there a chance you could fade the watermark a lot more? It's still quite bold and immensely distracting, which makes it harder to read the content (or at least it does for me, but being dyslexic I do have to concentrate harder when reading blocks of text anyway).

That aside, your site looks like a valuable resource. Thank you for publishing it.

> IMHO there is no reason not to have HTTPS everywhere, especially now Let's Encrypt exists

I don't want to disagree with you, but I do. I most certainly agree that HTTPS must be everywhere and it's easier than ever before. Where I disagree is with less experienced developers. I can write a quick PHP / Rails / Node / whatever web server to show some website real fast, deploy by uploading it to a shared hosting package or something fancier like Elastic Beanstalk, and it's done and up there. Yes, it's on HTTP, but it's so easy. Now you want to add HTTPS to it? It's not easy. Let's Encrypt makes some aspects of it easier, but until the amount of friction is similar to the process of deploying HTTP you'll never see HTTPS ubiquity, in my opinion.

> Now you want to add HTTPS to it? It's not easy.

Try Caddy with automatic HTTPS [0] in reverse proxy mode [1].

[0] https://caddyserver.com/docs/automatic-https

[1] https://caddyserver.com/docs/proxy

Pardon my ignorance, but as a complete beginner how do you hook that up with a python (flask / gunicorn) app?
Run the python process on a different port and let Caddy act as a proxy, forwarding requests from the original port to it. As described in the second (proxy) link.
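An added example (not code from the thread, from Caddy or from Flask) of the part of this setup that the reply leaves implicit: once Caddy terminates TLS, gunicorn only ever sees plaintext HTTP on the loopback port, so the app must learn the real scheme and client address from the X-Forwarded-Proto / X-Forwarded-For headers Caddy adds, and must trust those headers only when the connection actually came from Caddy. It assumes Caddy 2's `reverse_proxy` directive (the links above point at the Caddy 1 docs, where the directive was `proxy`), gunicorn bound to 127.0.0.1:8000, and the hostname example.com; all three are assumptions. Flask users get the same effect from Werkzeug's `ProxyFix` middleware; this file re-implements that logic with a plain WSGI app so it runs without Flask installed.

```python
"""Added example: trusting Caddy's X-Forwarded-* headers from a Python app.

Assumed deployment (hypothetical values, not from the thread):
    gunicorn --bind 127.0.0.1:8000 app:application   # loopback only, never 0.0.0.0
    Caddyfile (Caddy 2 syntax):
        example.com {
            reverse_proxy 127.0.0.1:8000
        }
Caddy 2's reverse_proxy sets X-Forwarded-For and X-Forwarded-Proto on the
request it sends upstream; the middleware below consumes them.
"""

TRUSTED_PROXIES = {"127.0.0.1", "::1"}  # where Caddy connects from (assumption)


class ForwardedHeadersMiddleware:
    """Rewrite wsgi.url_scheme and REMOTE_ADDR from X-Forwarded-* headers,
    but only when the TCP peer is a trusted proxy. From any other peer the
    headers are attacker-controlled, so they are stripped and ignored."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = trusted

    def __call__(self, environ, start_response):
        peer = environ.get("REMOTE_ADDR", "")
        proto = environ.pop("HTTP_X_FORWARDED_PROTO", None)
        xff = environ.pop("HTTP_X_FORWARDED_FOR", None)
        if peer in self.trusted:
            if proto in ("http", "https"):
                environ["wsgi.url_scheme"] = proto
            if xff:
                # With one proxy, the rightmost entry is the address Caddy
                # itself observed; anything further left was supplied by the
                # client and is untrusted.
                environ["REMOTE_ADDR"] = xff.split(",")[-1].strip()
        return self.app(environ, start_response)


def app(environ, start_response):
    """Stand-in for the Flask app: "/" redirects to "/login" using the
    request scheme, and "/login" sets a session cookie that is marked Secure
    only when the request really was HTTPS at the client."""
    scheme = environ["wsgi.url_scheme"]
    host = environ.get("HTTP_HOST", "localhost")
    if environ.get("PATH_INFO") == "/":
        start_response("302 Found", [("Location", f"{scheme}://{host}/login")])
        return [b""]
    cookie = "session=abc123; HttpOnly; SameSite=Lax"
    if scheme == "https":
        cookie += "; Secure"
    body = f"client={environ['REMOTE_ADDR']} scheme={scheme}".encode()
    start_response("200 OK", [("Set-Cookie", cookie),
                              ("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


application = ForwardedHeadersMiddleware(app)  # the object gunicorn would import


def call(wsgi_app, path, peer, headers=None):
    """Drive a WSGI app with a constructed environ (no network needed).
    Returns (status line, response headers as a dict, body bytes)."""
    environ = {
        "REQUEST_METHOD": "GET",
        "PATH_INFO": path,
        "SERVER_NAME": "127.0.0.1",
        "SERVER_PORT": "8000",
        "HTTP_HOST": "example.com",
        "REMOTE_ADDR": peer,
        "wsgi.url_scheme": "http",  # gunicorn only ever speaks plaintext here
    }
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}

    def start_response(status, response_headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(response_headers)

    body = b"".join(wsgi_app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    # Constructed request as Caddy would forward it after terminating TLS:
    print(call(application, "/", "127.0.0.1",
               {"X-Forwarded-Proto": "https", "X-Forwarded-For": "203.0.113.7"}))
    # The same headers sent on a direct, non-proxy connection are ignored:
    print(call(application, "/login", "203.0.113.7", {"X-Forwarded-Proto": "https"}))
```

The two checks that matter in production are the ones the harness exercises: the redirect from "/" must point at https:// (otherwise the browser is bounced back to plaintext after Caddy's upgrade), and the Secure flag must be set only when Caddy, not an arbitrary client, asserted X-Forwarded-Proto. Binding gunicorn to 127.0.0.1 is what makes "peer is a trusted proxy" a meaningful test; on 0.0.0.0 any host on the network could reach the plaintext port directly.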
I use Let's Encrypt on Google App Engine... it took less than 5 minutes. Google could very easily automate it for everyone, but that removes the direct verification between domain owners and certificate authorities.

Granted, you're already giving up this control when you host with any 3rd party, but the CAs are being reckless if they encourage it.