https and SSL

Skip to first unread message

Lauren Voswinkel

Aug 2, 2016, 2:57:59 PM8/2/16
to PDX Tech Calendar
Hey all,
In an effort to be more up-to-speed with current web standards, I'd love to see us get serving via https. It looks like it should be a pretty straightforward thing to do, however, the changes have to do, almost exclusively, with settings on the server it's deployed to. Primarily this involves generating an SSL cert and then opening up port 443 for access... I'm unsure of who I would have to talk to to get this work done or do this work, but I'm willing to do so or pester the right people to get this done. :)

If you just randomly stumble across this and want to poke around at the wonderful world of SSL certs... is a lovely resource.

Audrey Eschright

Aug 2, 2016, 3:01:16 PM8/2/16
to, Reid Beels
Hi Lauren,

The Calagator site is hosted by Stumptown Syndicate through their Rackspace account, and Reid has been the primary person working on that. I think adding https by default would be great. Do you know whether that would have an impact on things like our .ical feed and Google calendar features?


You received this message because you are subscribed to the Google Groups "PDX Tech Calendar" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To post to this group, send email to
Visit this group at
For more options, visit

Reid Beels

Aug 2, 2016, 3:23:04 PM8/2/16
to Audrey Eschright,
Hi Lauren and Audrey,

Thanks for bringing this up! I can definitely help get SSL set up for For the iCal + Google calendar feeds, it seems like we should do some testing to see if these clients handle redirects correctly. If they do, we can redirect all traffic to SSL. If not, we may want to keep those particular routes HTTP-accessible?

It seems like there are three main options:

1) Buy a cert for and install it — most paperwork; end-to-end encryption + provides verification that this is really the Calagator server; probably not necessary due to the open-access and non-sensitive nature of Calagator's content
2) Set up Let's Encrypt and use that — needs server configuration updates via to set up the letsencrypt daemon (which could be reused on other Snydicate-hosted domains); end-to-end encryption; seems fairly reasonable
3) Proxy through CloudFlare and use their SNI-based SSL feature (we recently set this up for — easiest; no server config changes; traffic encrypted from CloudFlare to client, but not from Calagator server to CloudFlare without additional config; also provides asset CDN features.

What do you think is the best route?


Perry Wagle

Aug 2, 2016, 4:41:10 PM8/2/16
to, Audrey Eschright has free certs, by the way, and is moderately easy to use.  All the cool kidz on freenode/#pdxtech use it

— Perry

Perry Wagle

Aug 2, 2016, 4:42:07 PM8/2/16
to, Audrey Eschright
Oops, didn’t read far enough, sorry for being redundant.

— Perry

Asheesh Laroia

Aug 3, 2016, 4:43:15 AM8/3/16
to, Audrey Eschright
I personally think proxying through CloudFlare is the best option for a group like Stumptown Syndicate, specifically with regard to having zero ongoing operational overhead and, therefore, zero risk of something breaking due to volunteers having other priorities.

Let's Encrypt's max cert duration is about 90 days as I recall, so someone needs to put automation in place for renewing it, or else you'll be sad 90 days from now.

Reid Beels

Aug 3, 2016, 4:13:05 PM8/3/16
to, Audrey Eschright

I went ahead and set up CloudFlare on, so is now accessible. I haven't set up any HTTP->HTTPS redirects yet, pending investigation of feed clients.

Lauren Voswinkel

Aug 3, 2016, 11:07:34 PM8/3/16
to PDX Tech Calendar,,
Thanks so much for doing this! Now my master plan to update the PDXRuby preshow slides without having to allow unsafe scripts has come to fruition. 

*evil laugh*



Thanks again~!
Reply all
Reply to author
0 new messages