End-to-end encryption

Question

End-to-end encryption

nathany opened this issue 8 years ago · comments

Right now I'm using CloudFlare with Flexible SSL. I would like to do better, especially if I ever have any user forms on a site.

Flexible SSL: There is an encrypted connection between your website visitors and CloudFlare, but not from CloudFlare to your server.

S3 supports HTTPS, but only for subdomains without dots in them (eg. hugo-deploy but not nathany.com).

However, S3's static website hosting doesn't appear to support HTTPS.

https://hugo-deploy.s3.amazonaws.com/index.html works
https://hugo-deploy.s3-website-us-east-1.amazonaws.com doesn't resolve

Nathan Youngman · Answer 1 · Fri Jul 22 2016 11:02:03 GMT+0800 (China Standard Time)

As far as I can tell, it's the same situation for Google Cloud Storage. And with GCS there is the question of whether or not the site would be available everywhere, as well as not having CDN $ pricing.

Amazon CloudFront may do the trick, if cache is invalidated automatically in s3up (nathany/s3up#6), but it lacks HTTP/2.

An alternative is to run Caddy on a server somewhere (Google Container Engine, Digital Ocean, Linode) with Let's Encrypt for the certs. With or without CloudFlare in front.

Nathan Youngman · Answer 2 · Sun Sep 11 2016 05:15:31 GMT+0800 (China Standard Time)

https://aws.amazon.com/about-aws/whats-new/2016/09/amazon-cloudfront-now-supports-http2/

Nathan Youngman · Answer 3 · Fri Nov 17 2017 23:22:30 GMT+0800 (China Standard Time)

CloudFront and ACM: https://github.com/dcarley/dan.carley.co/tree/master/terraform

Nathan Youngman · Answer 4 · Fri Nov 17 2017 23:23:21 GMT+0800 (China Standard Time)

https://github.com/pkazmierczak/piotrkazmierczak.com/blob/master/.travis.yml