Thread: Website is now https only - please help with testing
As some were briefed about during the pginfra session at pgcon, we have now configured the www.postgresql.org website to be https only.
Any access with http should result in a redirect to https only. We will be deploying http strict transport security at a later date, once we have had more testing.
Speaking of testing, we'd appreciate help from others with testing the site out at this point. Please let us know anything that does not work properly for you (especially if related to https, but please report other issues as well, as they might be "silently dependent" on the change through other backend changes bundled up with it)
It looks like HTTP/2 isn't enabled on it; you might consider it (or my test may be wrong!). On May 24, 2016, at 12:35 PM, Magnus Hagander <magnus@hagander.net> wrote: > As some were briefed about during the pginfra session at pgcon, we have now configured the www.postgresql.org website tobe https only. > > Any access with http should result in a redirect to https only. We will be deploying http strict transport security ata later date, once we have had more testing. > > Speaking of testing, we'd appreciate help from others with testing the site out at this point. Please let us know anythingthat does not work properly for you (especially if related to https, but please report other issues as well, as theymight be "silently dependent" on the change through other backend changes bundled up with it) > > -- > Magnus Hagander > Me: http://www.hagander.net/ > Work: http://www.redpill-linpro.com/ -- -- Christophe Pettus xof@thebuild.com
This is correct. Not supported by our current platform. We'll be going to HTTP/2 at some later point, just https for now.
//Magnus
On Tue, May 24, 2016 at 9:37 PM, Christophe Pettus <xof@thebuild.com> wrote:
It looks like HTTP/2 isn't enabled on it; you might consider it (or my test may be wrong!).
On May 24, 2016, at 12:35 PM, Magnus Hagander <magnus@hagander.net> wrote:
> As some were briefed about during the pginfra session at pgcon, we have now configured the www.postgresql.org website to be https only.
>
> Any access with http should result in a redirect to https only. We will be deploying http strict transport security at a later date, once we have had more testing.
>
> Speaking of testing, we'd appreciate help from others with testing the site out at this point. Please let us know anything that does not work properly for you (especially if related to https, but please report other issues as well, as they might be "silently dependent" on the change through other backend changes bundled up with it)
>
> --
> Magnus Hagander
> Me: http://www.hagander.net/
> Work: http://www.redpill-linpro.com/
Magnus Hagander <magnus@hagander.net> writes: > Speaking of testing, we'd appreciate help from others with testing the site > out at this point. So I have bookmarks for http://archives.postgresql.org/pgsql-hackers/ http://archives.postgresql.org/pgsql-general/ which don't work anymore --- I get a page with the usual decoration but the body is Not FoundThe URL you specified does not exist. Changing the bookmark to "https" fixes that, so there's something wrong with the auto redirection. regards, tom lane
On Wed, May 25, 2016 at 4:56 AM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
Magnus Hagander <magnus@hagander.net> writes:
> Speaking of testing, we'd appreciate help from others with testing the site
> out at this point.
So I have bookmarks for
http://archives.postgresql.org/pgsql-hackers/
http://archives.postgresql.org/pgsql-general/
which don't work anymore --- I get a page with the usual decoration
but the body is
Not Found
The URL you specified does not exist.
Changing the bookmark to "https" fixes that, so there's something wrong
with the auto redirection.
That was indeed broken - the order of checks were wrong. Should've checked hostname before ssl, but did it in the other order.
Should be fixed now.
> On 24 May 2016, at 21:35, Magnus Hagander <magnus@hagander.net> wrote: > > As some were briefed about during the pginfra session at pgcon, we have now configured the www.postgresql.org website tobe https only. > > Any access with http should result in a redirect to https only. We will be deploying http strict transport security ata later date, once we have had more testing. > > Speaking of testing, we'd appreciate help from others with testing the site out at this point. Please let us know anythingthat does not work properly for you (especially if related to https, but please report other issues as well, as theymight be "silently dependent" on the change through other backend changes bundled up with it) A little late to the party, but I just noticed that developer.postgresql.org doesn’t work over https while all the other x.postgresql.org sites do (a file residing there was linked in a README). Is that intentional? cheers ./daniel
On Wed, Sep 7, 2016 at 5:31 PM, Daniel Gustafsson <daniel@yesql.se> wrote:
> On 24 May 2016, at 21:35, Magnus Hagander <magnus@hagander.net> wrote:
>
> As some were briefed about during the pginfra session at pgcon, we have now configured the www.postgresql.org website to be https only.
>
> Any access with http should result in a redirect to https only. We will be deploying http strict transport security at a later date, once we have had more testing.
>
> Speaking of testing, we'd appreciate help from others with testing the site out at this point. Please let us know anything that does not work properly for you (especially if related to https, but please report other issues as well, as they might be "silently dependent" on the change through other backend changes bundled up with it)
A little late to the party, but I just noticed that developer.postgresql.org
doesn’t work over https while all the other x.postgresql.org sites do (a file
residing there was linked in a README). Is that intentional?
It's not intentional and it's not wrong. Basically we haven't gotten to that box yet. It's only the main website that's 100% there, there are still TODO items left on the others.
> On 07 Sep 2016, at 17:43, Magnus Hagander <magnus@hagander.net> wrote: > > On Wed, Sep 7, 2016 at 5:31 PM, Daniel Gustafsson <daniel@yesql.se <mailto:daniel@yesql.se>> wrote: > > On 24 May 2016, at 21:35, Magnus Hagander <magnus@hagander.net <mailto:magnus@hagander.net>> wrote: > > > > As some were briefed about during the pginfra session at pgcon, we have now configured the www.postgresql.org <http://www.postgresql.org/>website to be https only. > > > > Any access with http should result in a redirect to https only. We will be deploying http strict transport security ata later date, once we have had more testing. > > > > Speaking of testing, we'd appreciate help from others with testing the site out at this point. Please let us know anythingthat does not work properly for you (especially if related to https, but please report other issues as well, as theymight be "silently dependent" on the change through other backend changes bundled up with it) > > A little late to the party, but I just noticed that developer.postgresql.org <http://developer.postgresql.org/> > doesn’t work over https while all the other x.postgresql.org <http://x.postgresql.org/> sites do (a file > residing there was linked in a README). Is that intentional? > > It's not intentional and it's not wrong. Basically we haven't gotten to that box yet. It's only the main website that's100% there, there are still TODO items left on the others. Fair enough, just wanted to doublecheck (didn’t even know that site existed until today). cheers ./daniel