[arlk]

or Cloudflare. Just a couple origin hits and your site is served via CDN for free, fast and secure.

[tasogare]

Definitively no. I set up my own personal page on a VPS precisely to avoid LinkedIn, Google Scholar, Research Gate or any third party service being in control of my public face. Using another service would defeat that purpose.

[pmontra]

You are probably using a VPS running on someone else server, through many networks. (So do I.) Any of those can MITM your traffic. Maybe you're also using apt/yum to keep the VPS up-to-date. Is adding Letsencrypt to the list such a burden? Or maybe you're only against Cloudflare. I go with Letsencrypt.

[a3n]

Is github on your list?

[tristador]

How do you secure the link between Cloudflare and your HTTP only site?

[michaelbuckbee]

This is very hosting service-specific - some hosts will expose your server via a generated and wildcard cert encrypted connection (ex: Heroku and their appname.herokuapp.com).

CF also allows for self-signed certs: https://blog.cloudflare.com/origin-server-connection-securit... - which are (to me) more complicated than standard certs.

The real game changer in all of this is LetsEncrypt which has become the defacto option for services with huge amounts of custom domains (Shopify, Hubspot, Wordpress) etc.

[rahuldottech]

It's complicated, but basically... You don't. It's much better to just set up Let's Encrypt. Takes <15 minutes.

[rahuldottech]

This is bad advice. See this comment: https://news.ycombinator.com/item?id=22146854