Re: SSL for screenshots.debian.net?
On 11.02.2014 04:39, Paul Wise wrote:
> The Debian sysadmins got a report of an ISP in the UK doing DNS
> hijacks for debian.org, intercepting packages.d.o requests and
> blocking access to pages about some packages. As a result the
> Debian sysadmins have added SSL to packages.d.o. Unfortunately it
> references screenshots.d.n which doesn't have SSL, which means that
> people visiting over SSL will get mixed content warnings and not be
> able to view Debian screenshots. Are you able to add an SSL
> certificate to screenshots.d.n so that the Debian sysadmins can
> enable http -> https redirects and HSTS?

Alright, I understand the problem. I'm currently in the process of
rewriting the web application behind screenshots.debian.net and expect
the new version to go beta in mid-2014. But we probably need to act
before that. Besides, I don't think I'm using absolute URLs or rewrites
anywhere so the current application is probably safe.

My main concern is CPU power. The system is running on a sponsored
virtual server from the ISP Vexxhost in Canada. And at peak times the
load is already around 0.5. I can ask whether they have a kind of SSL
accelerator at their disposal. Otherwise I could just set up HTTPS at
the Apache level and see how seriously the CPU usage will go up.

Regarding the certificate: does Debian have resources to buy an SSL
certificate? I usually use a free StartCom certificate for my own
purposes but I am not sure whether it is suitable for such use. I
don't think that the sponsor will donate an SSL certificate either but
I'm willing to ask.

As soon as we have clarified that, I will enable HTTPS at
screenshots.debian.net in no time.