Support SSL on AWS-based buttonmen sites #2712
Conversation
cgolubi1
commented
Apr 3, 2021
cgolubi1
commented
- Fixes access to the site should use SSL #224
cgolubi1
changed the title
|
I put a dev site up at https://makeshift.dev.buttonweavers.com/ui/ The only thing that's complicated about this is that in order to configure LetsEncrypt/certbot, you need to know the public FQDN of the site, because that's what LetsEncrypt is going to use to reach out and verify the cert it's providing, not to mention that the FQDN is tied to the provided cert. That caused two problems:
I opted to solve this by putting the FQDN in an EC2 instance tag, for sites that have one that we care about (dev sites, staging, prod). I'll add this tag one-time for staging and prod, and i updated my existing dev site tagging utility script to add it for dev sites. If that tag can be found, we have certbot use it, and we're off to the races. If not, we use the dummy sandbox.buttonweavers.com name, and don't try to configure certbot. I tested this on virtualbox, and on the aforementioned dev site, and it worked on both. The only thing that's a little irritating is that it takes a few minutes for instance tags to become consistent and thus queryable by a new instance, so typically a new dev site doesn't get its fqdn the first time. That's not a big deal --- with the current setup, provisioning succeeds (it just doesn't setup SSL), and rerunning Folks should check out the dev site and see if anything behaves badly/oddly. It should work just fine both at https:// and at http:// |
|
I've taken a look at this. I can play a move on the https site, view a discussion thread, log out, and log back in---all pages remaining as https://... Similarly, when I log in under http, everything remains http and is responsive. I'm happy to try this out. |
|
If I go to buttonweavers.com, not www.buttonweavers.com, I get a certificate mismatch. |
|
Maybe this should be linked to #1097, which deals with somewhat similar issues. |
