https for geomoose.org

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

https for geomoose.org

James Klassen-2
I have enabled https on the *.geomoose.org sites.  Besides generally
being considered a good idea lately, and Let's Encrypt making it trivial
and free to do so, the motivation is that some features in GeoMoose 3.0,
most notably the "Find Me", are blocked by Chrome if they don't
originate from an a site served by https.

This does cause some warnings and blocking now from pulling things in
from non-https external sites.

The FOSS4G image hosted at mapserver.org has no https equivalent that I
have found.  We could self host as an easy work around.

The Google maps API in 2.x is pulled in using
http://maps.googleapis.com  and not https://maps.googleapis.com (or
//maps.googleapis.com).

OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)

ArcGIS 9.3 Rest Example is pulled in using http.

Weather Radar is pulled in using http.

These will require a patches to all the active 2.x series branches so
they are picked up in the demo.

There is probably more, but this is what I found in a quick test.  I
haven't checked if the remote sites are available over https or not.  If
they are not, are the mixed-content warnings acceptable?

Other thoughts?

_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

Dan Little-2
Sorry this is only a partial answer...

We can move almost all of that stuff to schemaless urls.  Simply remove "http:" from the URL and they'll automatically switch between http and https.

On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <[hidden email]> wrote:
I have enabled https on the *.geomoose.org sites.  Besides generally
being considered a good idea lately, and Let's Encrypt making it trivial
and free to do so, the motivation is that some features in GeoMoose 3.0,
most notably the "Find Me", are blocked by Chrome if they don't
originate from an a site served by https.

This does cause some warnings and blocking now from pulling things in
from non-https external sites.

The FOSS4G image hosted at mapserver.org has no https equivalent that I
have found.  We could self host as an easy work around.

The Google maps API in 2.x is pulled in using
http://maps.googleapis.com  and not https://maps.googleapis.com (or
//maps.googleapis.com).

OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)

ArcGIS 9.3 Rest Example is pulled in using http.

Weather Radar is pulled in using http.

These will require a patches to all the active 2.x series branches so
they are picked up in the demo.

There is probably more, but this is what I found in a quick test.  I
haven't checked if the remote sites are available over https or not.  If
they are not, are the mixed-content warnings acceptable?

Other thoughts?

_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc


_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

Eli Adam
On Thu, May 25, 2017 at 4:53 AM, Dan Little <[hidden email]> wrote:

> Sorry this is only a partial answer...
>
> We can move almost all of that stuff to schemaless urls.  Simply remove
> "http:" from the URL and they'll automatically switch between http and
> https.
>
> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <[hidden email]> wrote:
>>
>> I have enabled https on the *.geomoose.org sites.  Besides generally
>> being considered a good idea lately, and Let's Encrypt making it trivial

Yes, good to use https, also if we use https, that is useful testing
for people who want to run with https.

Let's Encrypt is good but we need to have our automated renewal
working well.  Some sites seem to never figure that out and are always
down because of it.

>> and free to do so, the motivation is that some features in GeoMoose 3.0,
>> most notably the "Find Me", are blocked by Chrome if they don't
>> originate from an a site served by https.
>>
>> This does cause some warnings and blocking now from pulling things in
>> from non-https external sites.
>>
>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>> have found.  We could self host as an easy work around.

Seems that this should be hosted on http://2017.foss4g.org/ but that
isn't https either.

>>
>> The Google maps API in 2.x is pulled in using
>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>> //maps.googleapis.com).
>>
>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>
>> ArcGIS 9.3 Rest Example is pulled in using http.
>>
>> Weather Radar is pulled in using http.
>>
>> These will require a patches to all the active 2.x series branches so
>> they are picked up in the demo.
>>
>> There is probably more, but this is what I found in a quick test.  I
>> haven't checked if the remote sites are available over https or not.  If
>> they are not, are the mixed-content warnings acceptable?

If we are demonstrating an https instance, that doesn't really do it.

>>
>> Other thoughts?

https is sometimes slower which could make the demo look slow but it
still seems plenty fast to me testing (although with many images http
that isn't really testing anything).

Thanks for doing this Jim.

Eli

>>
>> _______________________________________________
>> geomoose-psc mailing list
>> [hidden email]
>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>
>
>
> _______________________________________________
> geomoose-psc mailing list
> [hidden email]
> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

James Klassen-2


On 05/25/2017 06:51 PM, Eli Adam wrote:
> Yes, good to use https, also if we use https, that is useful testing
> for people who want to run with https.
Good point.
>
> Let's Encrypt is good but we need to have our automated renewal
> working well.  Some sites seem to never figure that out and are always
> down because of it.
Yeah, I know.  I've moved most of the other sites I manage to Let's
Encrypt and it can be a hassle.  In particular, I've been bit by
auto-renew failing and then using up the request quota and thus not
being able to renew.  Generally I get emails when renewals are near if
they haven't auto-renewed.
>>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>>> have found.  We could self host as an easy work around.
> Seems that this should be hosted on http://2017.foss4g.org/ but that
> isn't https either.
We should probably should just self host.

>
>>> The Google maps API in 2.x is pulled in using
>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>> //maps.googleapis.com).
>>>
>>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>>
>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>>
>>> Weather Radar is pulled in using http.
>>>
>>> These will require a patches to all the active 2.x series branches so
>>> they are picked up in the demo.
>>>
>>> There is probably more, but this is what I found in a quick test.  I
>>> haven't checked if the remote sites are available over https or not.  If
>>> they are not, are the mixed-content warnings acceptable?
> If we are demonstrating an https instance, that doesn't really do it.
The options as I see them are:
  * We don't do https and live with browser restrictions on things like
the Geolocation API [1][2].
  * We setup proxies to the external sites (with all the security
issues, probable TOS issues, and making the demo harder to setup for others)
  * We live with mixed-content warnings for the layers with no https
equivalent source.


They are all not ideal and I think the latter might be the least intrusive.
> https is sometimes slower which could make the demo look slow but it
> still seems plenty fast to me testing (although with many images http
> that isn't really testing anything).
I haven't really tested the difference, but with Keep-Alives enabled the
TLS overhead doesn't seem to be very noticeable and most of the recent
articles on the topic say that TLS overhead is a non-issue on modern
hardware.

[1]
https://developers.google.com/web/updates/2016/04/geolocation-on-secure-contexts-only

[2] https://w3c.github.io/webappsec-secure-contexts/

_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

James Klassen-2
In reply to this post by Eli Adam
Looks like the "OpenStreetMap - Black and White" layer is the only one
that isn't available over https.  I have updated the rest of the
externally referenced layers in master as well as the google maps API
and copied the foss4g2017 logo internally.


On 05/25/2017 06:51 PM, Eli Adam wrote:

> On Thu, May 25, 2017 at 4:53 AM, Dan Little <[hidden email]> wrote:
>> Sorry this is only a partial answer...
>>
>> We can move almost all of that stuff to schemaless urls.  Simply remove
>> "http:" from the URL and they'll automatically switch between http and
>> https.
>>
>> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <[hidden email]> wrote:
>>> I have enabled https on the *.geomoose.org sites.  Besides generally
>>> being considered a good idea lately, and Let's Encrypt making it trivial
> Yes, good to use https, also if we use https, that is useful testing
> for people who want to run with https.
>
> Let's Encrypt is good but we need to have our automated renewal
> working well.  Some sites seem to never figure that out and are always
> down because of it.
>
>>> and free to do so, the motivation is that some features in GeoMoose 3.0,
>>> most notably the "Find Me", are blocked by Chrome if they don't
>>> originate from an a site served by https.
>>>
>>> This does cause some warnings and blocking now from pulling things in
>>> from non-https external sites.
>>>
>>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>>> have found.  We could self host as an easy work around.
> Seems that this should be hosted on http://2017.foss4g.org/ but that
> isn't https either.
>
>>> The Google maps API in 2.x is pulled in using
>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>> //maps.googleapis.com).
>>>
>>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>>
>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>>
>>> Weather Radar is pulled in using http.
>>>
>>> These will require a patches to all the active 2.x series branches so
>>> they are picked up in the demo.
>>>
>>> There is probably more, but this is what I found in a quick test.  I
>>> haven't checked if the remote sites are available over https or not.  If
>>> they are not, are the mixed-content warnings acceptable?
> If we are demonstrating an https instance, that doesn't really do it.
>
>>> Other thoughts?
> https is sometimes slower which could make the demo look slow but it
> still seems plenty fast to me testing (although with many images http
> that isn't really testing anything).
>
> Thanks for doing this Jim.
>
> Eli
>
>>> _______________________________________________
>>> geomoose-psc mailing list
>>> [hidden email]
>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>
>>
>> _______________________________________________
>> geomoose-psc mailing list
>> [hidden email]
>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc

_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

Eli Adam
On Thu, May 25, 2017 at 7:23 PM, Jim Klassen <[hidden email]> wrote:
> Looks like the "OpenStreetMap - Black and White" layer is the only one
> that isn't available over https.  I have updated the rest of the
> externally referenced layers in master as well as the google maps API
> and copied the foss4g2017 logo internally.

Looks like this was for 2.# demo, not 3.0.

Eli

>
>
> On 05/25/2017 06:51 PM, Eli Adam wrote:
>> On Thu, May 25, 2017 at 4:53 AM, Dan Little <[hidden email]> wrote:
>>> Sorry this is only a partial answer...
>>>
>>> We can move almost all of that stuff to schemaless urls.  Simply remove
>>> "http:" from the URL and they'll automatically switch between http and
>>> https.
>>>
>>> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <[hidden email]> wrote:
>>>> I have enabled https on the *.geomoose.org sites.  Besides generally
>>>> being considered a good idea lately, and Let's Encrypt making it trivial
>> Yes, good to use https, also if we use https, that is useful testing
>> for people who want to run with https.
>>
>> Let's Encrypt is good but we need to have our automated renewal
>> working well.  Some sites seem to never figure that out and are always
>> down because of it.
>>
>>>> and free to do so, the motivation is that some features in GeoMoose 3.0,
>>>> most notably the "Find Me", are blocked by Chrome if they don't
>>>> originate from an a site served by https.
>>>>
>>>> This does cause some warnings and blocking now from pulling things in
>>>> from non-https external sites.
>>>>
>>>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>>>> have found.  We could self host as an easy work around.
>> Seems that this should be hosted on http://2017.foss4g.org/ but that
>> isn't https either.
>>
>>>> The Google maps API in 2.x is pulled in using
>>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>>> //maps.googleapis.com).
>>>>
>>>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>>>
>>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>>>
>>>> Weather Radar is pulled in using http.
>>>>
>>>> These will require a patches to all the active 2.x series branches so
>>>> they are picked up in the demo.
>>>>
>>>> There is probably more, but this is what I found in a quick test.  I
>>>> haven't checked if the remote sites are available over https or not.  If
>>>> they are not, are the mixed-content warnings acceptable?
>> If we are demonstrating an https instance, that doesn't really do it.
>>
>>>> Other thoughts?
>> https is sometimes slower which could make the demo look slow but it
>> still seems plenty fast to me testing (although with many images http
>> that isn't really testing anything).
>>
>> Thanks for doing this Jim.
>>
>> Eli
>>
>>>> _______________________________________________
>>>> geomoose-psc mailing list
>>>> [hidden email]
>>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>>
>>>
>>> _______________________________________________
>>> geomoose-psc mailing list
>>> [hidden email]
>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>
_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

James Klassen-2
Yep.

On May 26, 2017 18:29, "Eli Adam" <[hidden email]> wrote:
On Thu, May 25, 2017 at 7:23 PM, Jim Klassen <[hidden email]> wrote:
> Looks like the "OpenStreetMap - Black and White" layer is the only one
> that isn't available over https.  I have updated the rest of the
> externally referenced layers in master as well as the google maps API
> and copied the foss4g2017 logo internally.

Looks like this was for 2.# demo, not 3.0.

Eli

>
>
> On 05/25/2017 06:51 PM, Eli Adam wrote:
>> On Thu, May 25, 2017 at 4:53 AM, Dan Little <[hidden email]> wrote:
>>> Sorry this is only a partial answer...
>>>
>>> We can move almost all of that stuff to schemaless urls.  Simply remove
>>> "http:" from the URL and they'll automatically switch between http and
>>> https.
>>>
>>> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <[hidden email]> wrote:
>>>> I have enabled https on the *.geomoose.org sites.  Besides generally
>>>> being considered a good idea lately, and Let's Encrypt making it trivial
>> Yes, good to use https, also if we use https, that is useful testing
>> for people who want to run with https.
>>
>> Let's Encrypt is good but we need to have our automated renewal
>> working well.  Some sites seem to never figure that out and are always
>> down because of it.
>>
>>>> and free to do so, the motivation is that some features in GeoMoose 3.0,
>>>> most notably the "Find Me", are blocked by Chrome if they don't
>>>> originate from an a site served by https.
>>>>
>>>> This does cause some warnings and blocking now from pulling things in
>>>> from non-https external sites.
>>>>
>>>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>>>> have found.  We could self host as an easy work around.
>> Seems that this should be hosted on http://2017.foss4g.org/ but that
>> isn't https either.
>>
>>>> The Google maps API in 2.x is pulled in using
>>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>>> //maps.googleapis.com).
>>>>
>>>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>>>
>>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>>>
>>>> Weather Radar is pulled in using http.
>>>>
>>>> These will require a patches to all the active 2.x series branches so
>>>> they are picked up in the demo.
>>>>
>>>> There is probably more, but this is what I found in a quick test.  I
>>>> haven't checked if the remote sites are available over https or not.  If
>>>> they are not, are the mixed-content warnings acceptable?
>> If we are demonstrating an https instance, that doesn't really do it.
>>
>>>> Other thoughts?
>> https is sometimes slower which could make the demo look slow but it
>> still seems plenty fast to me testing (although with many images http
>> that isn't really testing anything).
>>
>> Thanks for doing this Jim.
>>
>> Eli
>>
>>>> _______________________________________________
>>>> geomoose-psc mailing list
>>>> [hidden email]
>>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>>
>>>
>>> _______________________________________________
>>> geomoose-psc mailing list
>>> [hidden email]
>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>

_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

Dan Little-2
Should we just make a stable "foss4g-next.png" on geomoose.org?

On Fri, May 26, 2017 at 7:39 PM, James Klassen <[hidden email]> wrote:
Yep.

On May 26, 2017 18:29, "Eli Adam" <[hidden email]> wrote:
On Thu, May 25, 2017 at 7:23 PM, Jim Klassen <[hidden email]> wrote:
> Looks like the "OpenStreetMap - Black and White" layer is the only one
> that isn't available over https.  I have updated the rest of the
> externally referenced layers in master as well as the google maps API
> and copied the foss4g2017 logo internally.

Looks like this was for 2.# demo, not 3.0.

Eli

>
>
> On 05/25/2017 06:51 PM, Eli Adam wrote:
>> On Thu, May 25, 2017 at 4:53 AM, Dan Little <[hidden email]> wrote:
>>> Sorry this is only a partial answer...
>>>
>>> We can move almost all of that stuff to schemaless urls.  Simply remove
>>> "http:" from the URL and they'll automatically switch between http and
>>> https.
>>>
>>> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <[hidden email]> wrote:
>>>> I have enabled https on the *.geomoose.org sites.  Besides generally
>>>> being considered a good idea lately, and Let's Encrypt making it trivial
>> Yes, good to use https, also if we use https, that is useful testing
>> for people who want to run with https.
>>
>> Let's Encrypt is good but we need to have our automated renewal
>> working well.  Some sites seem to never figure that out and are always
>> down because of it.
>>
>>>> and free to do so, the motivation is that some features in GeoMoose 3.0,
>>>> most notably the "Find Me", are blocked by Chrome if they don't
>>>> originate from an a site served by https.
>>>>
>>>> This does cause some warnings and blocking now from pulling things in
>>>> from non-https external sites.
>>>>
>>>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>>>> have found.  We could self host as an easy work around.
>> Seems that this should be hosted on http://2017.foss4g.org/ but that
>> isn't https either.
>>
>>>> The Google maps API in 2.x is pulled in using
>>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>>> //maps.googleapis.com).
>>>>
>>>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>>>
>>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>>>
>>>> Weather Radar is pulled in using http.
>>>>
>>>> These will require a patches to all the active 2.x series branches so
>>>> they are picked up in the demo.
>>>>
>>>> There is probably more, but this is what I found in a quick test.  I
>>>> haven't checked if the remote sites are available over https or not.  If
>>>> they are not, are the mixed-content warnings acceptable?
>> If we are demonstrating an https instance, that doesn't really do it.
>>
>>>> Other thoughts?
>> https is sometimes slower which could make the demo look slow but it
>> still seems plenty fast to me testing (although with many images http
>> that isn't really testing anything).
>>
>> Thanks for doing this Jim.
>>
>> Eli
>>
>>>> _______________________________________________
>>>> geomoose-psc mailing list
>>>> [hidden email]
>>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>>
>>>
>>> _______________________________________________
>>> geomoose-psc mailing list
>>> [hidden email]
>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>


_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

James Klassen-2
I don't see how it matters.  It all lives in geomoose-website.git so either way it will grow the repo (by 9kB per year).

On May 27, 2017 9:49 AM, "Dan Little" <[hidden email]> wrote:
Should we just make a stable "foss4g-next.png" on geomoose.org?

On Fri, May 26, 2017 at 7:39 PM, James Klassen <[hidden email]> wrote:
Yep.

On May 26, 2017 18:29, "Eli Adam" <[hidden email]> wrote:
On Thu, May 25, 2017 at 7:23 PM, Jim Klassen <[hidden email]> wrote:
> Looks like the "OpenStreetMap - Black and White" layer is the only one
> that isn't available over https.  I have updated the rest of the
> externally referenced layers in master as well as the google maps API
> and copied the foss4g2017 logo internally.

Looks like this was for 2.# demo, not 3.0.

Eli

>
>
> On 05/25/2017 06:51 PM, Eli Adam wrote:
>> On Thu, May 25, 2017 at 4:53 AM, Dan Little <[hidden email]> wrote:
>>> Sorry this is only a partial answer...
>>>
>>> We can move almost all of that stuff to schemaless urls.  Simply remove
>>> "http:" from the URL and they'll automatically switch between http and
>>> https.
>>>
>>> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <[hidden email]> wrote:
>>>> I have enabled https on the *.geomoose.org sites.  Besides generally
>>>> being considered a good idea lately, and Let's Encrypt making it trivial
>> Yes, good to use https, also if we use https, that is useful testing
>> for people who want to run with https.
>>
>> Let's Encrypt is good but we need to have our automated renewal
>> working well.  Some sites seem to never figure that out and are always
>> down because of it.
>>
>>>> and free to do so, the motivation is that some features in GeoMoose 3.0,
>>>> most notably the "Find Me", are blocked by Chrome if they don't
>>>> originate from an a site served by https.
>>>>
>>>> This does cause some warnings and blocking now from pulling things in
>>>> from non-https external sites.
>>>>
>>>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>>>> have found.  We could self host as an easy work around.
>> Seems that this should be hosted on http://2017.foss4g.org/ but that
>> isn't https either.
>>
>>>> The Google maps API in 2.x is pulled in using
>>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>>> //maps.googleapis.com).
>>>>
>>>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>>>
>>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>>>
>>>> Weather Radar is pulled in using http.
>>>>
>>>> These will require a patches to all the active 2.x series branches so
>>>> they are picked up in the demo.
>>>>
>>>> There is probably more, but this is what I found in a quick test.  I
>>>> haven't checked if the remote sites are available over https or not.  If
>>>> they are not, are the mixed-content warnings acceptable?
>> If we are demonstrating an https instance, that doesn't really do it.
>>
>>>> Other thoughts?
>> https is sometimes slower which could make the demo look slow but it
>> still seems plenty fast to me testing (although with many images http
>> that isn't really testing anything).
>>
>> Thanks for doing this Jim.
>>
>> Eli
>>
>>>> _______________________________________________
>>>> geomoose-psc mailing list
>>>> [hidden email]
>>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>>
>>>
>>> _______________________________________________
>>> geomoose-psc mailing list
>>> [hidden email]
>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>


_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

Dan Little-2
Having it be in a consistent place ensures that we can always refer to that URL and not worry what year the image happens to represent.  Of course, the link needs to change but there's tricks around that too.

On Sat, May 27, 2017 at 10:40 AM, James Klassen <[hidden email]> wrote:
I don't see how it matters.  It all lives in geomoose-website.git so either way it will grow the repo (by 9kB per year).

On May 27, 2017 9:49 AM, "Dan Little" <[hidden email]> wrote:
Should we just make a stable "foss4g-next.png" on geomoose.org?

On Fri, May 26, 2017 at 7:39 PM, James Klassen <[hidden email]> wrote:
Yep.

On May 26, 2017 18:29, "Eli Adam" <[hidden email]> wrote:
On Thu, May 25, 2017 at 7:23 PM, Jim Klassen <[hidden email]> wrote:
> Looks like the "OpenStreetMap - Black and White" layer is the only one
> that isn't available over https.  I have updated the rest of the
> externally referenced layers in master as well as the google maps API
> and copied the foss4g2017 logo internally.

Looks like this was for 2.# demo, not 3.0.

Eli

>
>
> On 05/25/2017 06:51 PM, Eli Adam wrote:
>> On Thu, May 25, 2017 at 4:53 AM, Dan Little <[hidden email]> wrote:
>>> Sorry this is only a partial answer...
>>>
>>> We can move almost all of that stuff to schemaless urls.  Simply remove
>>> "http:" from the URL and they'll automatically switch between http and
>>> https.
>>>
>>> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <[hidden email]> wrote:
>>>> I have enabled https on the *.geomoose.org sites.  Besides generally
>>>> being considered a good idea lately, and Let's Encrypt making it trivial
>> Yes, good to use https, also if we use https, that is useful testing
>> for people who want to run with https.
>>
>> Let's Encrypt is good but we need to have our automated renewal
>> working well.  Some sites seem to never figure that out and are always
>> down because of it.
>>
>>>> and free to do so, the motivation is that some features in GeoMoose 3.0,
>>>> most notably the "Find Me", are blocked by Chrome if they don't
>>>> originate from an a site served by https.
>>>>
>>>> This does cause some warnings and blocking now from pulling things in
>>>> from non-https external sites.
>>>>
>>>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>>>> have found.  We could self host as an easy work around.
>> Seems that this should be hosted on http://2017.foss4g.org/ but that
>> isn't https either.
>>
>>>> The Google maps API in 2.x is pulled in using
>>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>>> //maps.googleapis.com).
>>>>
>>>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>>>
>>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>>>
>>>> Weather Radar is pulled in using http.
>>>>
>>>> These will require a patches to all the active 2.x series branches so
>>>> they are picked up in the demo.
>>>>
>>>> There is probably more, but this is what I found in a quick test.  I
>>>> haven't checked if the remote sites are available over https or not.  If
>>>> they are not, are the mixed-content warnings acceptable?
>> If we are demonstrating an https instance, that doesn't really do it.
>>
>>>> Other thoughts?
>> https is sometimes slower which could make the demo look slow but it
>> still seems plenty fast to me testing (although with many images http
>> that isn't really testing anything).
>>
>> Thanks for doing this Jim.
>>
>> Eli
>>
>>>> _______________________________________________
>>>> geomoose-psc mailing list
>>>> [hidden email]
>>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>>
>>>
>>> _______________________________________________
>>> geomoose-psc mailing list
>>> [hidden email]
>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>



_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

James Klassen-2
Once a year the URL and image needs to change.  Either way it is one line in layout.html (conference link and maybe image link) and one image in static.  I really don't see the savings.

On May 27, 2017 10:41 AM, "Dan Little" <[hidden email]> wrote:
Having it be in a consistent place ensures that we can always refer to that URL and not worry what year the image happens to represent.  Of course, the link needs to change but there's tricks around that too.

On Sat, May 27, 2017 at 10:40 AM, James Klassen <[hidden email]> wrote:
I don't see how it matters.  It all lives in geomoose-website.git so either way it will grow the repo (by 9kB per year).

On May 27, 2017 9:49 AM, "Dan Little" <[hidden email]> wrote:
Should we just make a stable "foss4g-next.png" on geomoose.org?

On Fri, May 26, 2017 at 7:39 PM, James Klassen <[hidden email]> wrote:
Yep.

On May 26, 2017 18:29, "Eli Adam" <[hidden email]> wrote:
On Thu, May 25, 2017 at 7:23 PM, Jim Klassen <[hidden email]> wrote:
> Looks like the "OpenStreetMap - Black and White" layer is the only one
> that isn't available over https.  I have updated the rest of the
> externally referenced layers in master as well as the google maps API
> and copied the foss4g2017 logo internally.

Looks like this was for 2.# demo, not 3.0.

Eli

>
>
> On 05/25/2017 06:51 PM, Eli Adam wrote:
>> On Thu, May 25, 2017 at 4:53 AM, Dan Little <[hidden email]> wrote:
>>> Sorry this is only a partial answer...
>>>
>>> We can move almost all of that stuff to schemaless urls.  Simply remove
>>> "http:" from the URL and they'll automatically switch between http and
>>> https.
>>>
>>> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <[hidden email]> wrote:
>>>> I have enabled https on the *.geomoose.org sites.  Besides generally
>>>> being considered a good idea lately, and Let's Encrypt making it trivial
>> Yes, good to use https, also if we use https, that is useful testing
>> for people who want to run with https.
>>
>> Let's Encrypt is good but we need to have our automated renewal
>> working well.  Some sites seem to never figure that out and are always
>> down because of it.
>>
>>>> and free to do so, the motivation is that some features in GeoMoose 3.0,
>>>> most notably the "Find Me", are blocked by Chrome if they don't
>>>> originate from an a site served by https.
>>>>
>>>> This does cause some warnings and blocking now from pulling things in
>>>> from non-https external sites.
>>>>
>>>> The FOSS4G image hosted at mapserver.org has no https equivalent that I
>>>> have found.  We could self host as an easy work around.
>> Seems that this should be hosted on http://2017.foss4g.org/ but that
>> isn't https either.
>>
>>>> The Google maps API in 2.x is pulled in using
>>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>>> //maps.googleapis.com).
>>>>
>>>> OpenStreetMap is pulled in from XYZ using http (defined in the mapbook)
>>>>
>>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>>>
>>>> Weather Radar is pulled in using http.
>>>>
>>>> These will require a patches to all the active 2.x series branches so
>>>> they are picked up in the demo.
>>>>
>>>> There is probably more, but this is what I found in a quick test.  I
>>>> haven't checked if the remote sites are available over https or not.  If
>>>> they are not, are the mixed-content warnings acceptable?
>> If we are demonstrating an https instance, that doesn't really do it.
>>
>>>> Other thoughts?
>> https is sometimes slower which could make the demo look slow but it
>> still seems plenty fast to me testing (although with many images http
>> that isn't really testing anything).
>>
>> Thanks for doing this Jim.
>>
>> Eli
>>
>>>> _______________________________________________
>>>> geomoose-psc mailing list
>>>> [hidden email]
>>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>>
>>>
>>> _______________________________________________
>>> geomoose-psc mailing list
>>> [hidden email]
>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>




_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

Eli Adam
In reply to this post by Dan Little-2
On Sat, May 27, 2017 at 7:49 AM, Dan Little <[hidden email]> wrote:
> Should we just make a stable "foss4g-next.png" on geomoose.org?

I've always wanted this to be done on the FOSS4G level on foss4g.org!

There is the link issue that Jim raises, (unless going to foss4g.org
where they have to click through to the current year) but still we are
expecting dozens or even hundreds of projects and sites to update an
image.  Doesn't it just make sense to change the image in one place
and update all those sites with that single change?

From the land of handcrafted artisanal website image and link updates, Eli

>
> On Fri, May 26, 2017 at 7:39 PM, James Klassen <[hidden email]> wrote:
>>
>> Yep.
>>
>> On May 26, 2017 18:29, "Eli Adam" <[hidden email]> wrote:
>>>
>>> On Thu, May 25, 2017 at 7:23 PM, Jim Klassen <[hidden email]>
>>> wrote:
>>> > Looks like the "OpenStreetMap - Black and White" layer is the only one
>>> > that isn't available over https.  I have updated the rest of the
>>> > externally referenced layers in master as well as the google maps API
>>> > and copied the foss4g2017 logo internally.
>>>
>>> Looks like this was for 2.# demo, not 3.0.
>>>
>>> Eli
>>>
>>> >
>>> >
>>> > On 05/25/2017 06:51 PM, Eli Adam wrote:
>>> >> On Thu, May 25, 2017 at 4:53 AM, Dan Little <[hidden email]>
>>> >> wrote:
>>> >>> Sorry this is only a partial answer...
>>> >>>
>>> >>> We can move almost all of that stuff to schemaless urls.  Simply
>>> >>> remove
>>> >>> "http:" from the URL and they'll automatically switch between http
>>> >>> and
>>> >>> https.
>>> >>>
>>> >>> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <[hidden email]>
>>> >>> wrote:
>>> >>>> I have enabled https on the *.geomoose.org sites.  Besides generally
>>> >>>> being considered a good idea lately, and Let's Encrypt making it
>>> >>>> trivial
>>> >> Yes, good to use https, also if we use https, that is useful testing
>>> >> for people who want to run with https.
>>> >>
>>> >> Let's Encrypt is good but we need to have our automated renewal
>>> >> working well.  Some sites seem to never figure that out and are always
>>> >> down because of it.
>>> >>
>>> >>>> and free to do so, the motivation is that some features in GeoMoose
>>> >>>> 3.0,
>>> >>>> most notably the "Find Me", are blocked by Chrome if they don't
>>> >>>> originate from an a site served by https.
>>> >>>>
>>> >>>> This does cause some warnings and blocking now from pulling things
>>> >>>> in
>>> >>>> from non-https external sites.
>>> >>>>
>>> >>>> The FOSS4G image hosted at mapserver.org has no https equivalent
>>> >>>> that I
>>> >>>> have found.  We could self host as an easy work around.
>>> >> Seems that this should be hosted on http://2017.foss4g.org/ but that
>>> >> isn't https either.
>>> >>
>>> >>>> The Google maps API in 2.x is pulled in using
>>> >>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>> >>>> //maps.googleapis.com).
>>> >>>>
>>> >>>> OpenStreetMap is pulled in from XYZ using http (defined in the
>>> >>>> mapbook)
>>> >>>>
>>> >>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>> >>>>
>>> >>>> Weather Radar is pulled in using http.
>>> >>>>
>>> >>>> These will require a patches to all the active 2.x series branches
>>> >>>> so
>>> >>>> they are picked up in the demo.
>>> >>>>
>>> >>>> There is probably more, but this is what I found in a quick test.  I
>>> >>>> haven't checked if the remote sites are available over https or not.
>>> >>>> If
>>> >>>> they are not, are the mixed-content warnings acceptable?
>>> >> If we are demonstrating an https instance, that doesn't really do it.
>>> >>
>>> >>>> Other thoughts?
>>> >> https is sometimes slower which could make the demo look slow but it
>>> >> still seems plenty fast to me testing (although with many images http
>>> >> that isn't really testing anything).
>>> >>
>>> >> Thanks for doing this Jim.
>>> >>
>>> >> Eli
>>> >>
>>> >>>> _______________________________________________
>>> >>>> geomoose-psc mailing list
>>> >>>> [hidden email]
>>> >>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>> >>>
>>> >>>
>>> >>> _______________________________________________
>>> >>> geomoose-psc mailing list
>>> >>> [hidden email]
>>> >>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>> >
>
>
_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: https for geomoose.org

James Klassen-2
Ideally, foss4g.org would have a stable link that redirects to the appropriate conference site and a stable set of logo images URLs (for different sizes and formats).  At least the images should be available over https.  That way projects could set it up once and be done with it.

Note: this would also gives OSGeo an in to track activity on its project's sites based on the referer header on the image requests.



On May 29, 2017 00:13, "Eli Adam" <[hidden email]> wrote:
On Sat, May 27, 2017 at 7:49 AM, Dan Little <[hidden email]> wrote:
> Should we just make a stable "foss4g-next.png" on geomoose.org?

I've always wanted this to be done on the FOSS4G level on foss4g.org!

There is the link issue that Jim raises, (unless going to foss4g.org
where they have to click through to the current year) but still we are
expecting dozens or even hundreds of projects and sites to update an
image.  Doesn't it just make sense to change the image in one place
and update all those sites with that single change?

From the land of handcrafted artisanal website image and link updates, Eli

>
> On Fri, May 26, 2017 at 7:39 PM, James Klassen <[hidden email]> wrote:
>>
>> Yep.
>>
>> On May 26, 2017 18:29, "Eli Adam" <[hidden email]> wrote:
>>>
>>> On Thu, May 25, 2017 at 7:23 PM, Jim Klassen <[hidden email]>
>>> wrote:
>>> > Looks like the "OpenStreetMap - Black and White" layer is the only one
>>> > that isn't available over https.  I have updated the rest of the
>>> > externally referenced layers in master as well as the google maps API
>>> > and copied the foss4g2017 logo internally.
>>>
>>> Looks like this was for 2.# demo, not 3.0.
>>>
>>> Eli
>>>
>>> >
>>> >
>>> > On 05/25/2017 06:51 PM, Eli Adam wrote:
>>> >> On Thu, May 25, 2017 at 4:53 AM, Dan Little <[hidden email]>
>>> >> wrote:
>>> >>> Sorry this is only a partial answer...
>>> >>>
>>> >>> We can move almost all of that stuff to schemaless urls.  Simply
>>> >>> remove
>>> >>> "http:" from the URL and they'll automatically switch between http
>>> >>> and
>>> >>> https.
>>> >>>
>>> >>> On Wed, May 24, 2017 at 10:24 PM, Jim Klassen <[hidden email]>
>>> >>> wrote:
>>> >>>> I have enabled https on the *.geomoose.org sites.  Besides generally
>>> >>>> being considered a good idea lately, and Let's Encrypt making it
>>> >>>> trivial
>>> >> Yes, good to use https, also if we use https, that is useful testing
>>> >> for people who want to run with https.
>>> >>
>>> >> Let's Encrypt is good but we need to have our automated renewal
>>> >> working well.  Some sites seem to never figure that out and are always
>>> >> down because of it.
>>> >>
>>> >>>> and free to do so, the motivation is that some features in GeoMoose
>>> >>>> 3.0,
>>> >>>> most notably the "Find Me", are blocked by Chrome if they don't
>>> >>>> originate from an a site served by https.
>>> >>>>
>>> >>>> This does cause some warnings and blocking now from pulling things
>>> >>>> in
>>> >>>> from non-https external sites.
>>> >>>>
>>> >>>> The FOSS4G image hosted at mapserver.org has no https equivalent
>>> >>>> that I
>>> >>>> have found.  We could self host as an easy work around.
>>> >> Seems that this should be hosted on http://2017.foss4g.org/ but that
>>> >> isn't https either.
>>> >>
>>> >>>> The Google maps API in 2.x is pulled in using
>>> >>>> http://maps.googleapis.com  and not https://maps.googleapis.com (or
>>> >>>> //maps.googleapis.com).
>>> >>>>
>>> >>>> OpenStreetMap is pulled in from XYZ using http (defined in the
>>> >>>> mapbook)
>>> >>>>
>>> >>>> ArcGIS 9.3 Rest Example is pulled in using http.
>>> >>>>
>>> >>>> Weather Radar is pulled in using http.
>>> >>>>
>>> >>>> These will require a patches to all the active 2.x series branches
>>> >>>> so
>>> >>>> they are picked up in the demo.
>>> >>>>
>>> >>>> There is probably more, but this is what I found in a quick test.  I
>>> >>>> haven't checked if the remote sites are available over https or not.
>>> >>>> If
>>> >>>> they are not, are the mixed-content warnings acceptable?
>>> >> If we are demonstrating an https instance, that doesn't really do it.
>>> >>
>>> >>>> Other thoughts?
>>> >> https is sometimes slower which could make the demo look slow but it
>>> >> still seems plenty fast to me testing (although with many images http
>>> >> that isn't really testing anything).
>>> >>
>>> >> Thanks for doing this Jim.
>>> >>
>>> >> Eli
>>> >>
>>> >>>> _______________________________________________
>>> >>>> geomoose-psc mailing list
>>> >>>> [hidden email]
>>> >>>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>> >>>
>>> >>>
>>> >>> _______________________________________________
>>> >>> geomoose-psc mailing list
>>> >>> [hidden email]
>>> >>> https://lists.osgeo.org/mailman/listinfo/geomoose-psc
>>> >
>
>

_______________________________________________
geomoose-psc mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/geomoose-psc
Loading...