|
|
|
|
|
|
by jmdeon
2183 days ago
|
|
|
If you load the site again it should be using tls. I opted to separate concerns and threw Cloudflare(free tier) in front of it. You might be wondering, well okay its encrypted between my browser and Cloudflare but what about the connection between the Cloudflare proxy server and s3? To solve that I used the s3 api endpoint instead of the website endpoint which supports tls. I turned Cloudflare's tls setting to full which uses tls between proxy and origin but allows for a self-signed cert from the origin. So its encrypted from browser to proxy to s3 api. As long as no one poisons the s3 api dns we should be good. |
|
|