Prep for move off CloudFlare #794

Closed

jonah wants to merge 1 commits from new-host into master

pull from: new-host

merge into: privacyguides:master

privacyguides:master

privacyguides:dependabot/bundler/nokogiri-1.13.6

privacyguides:dependabot/bundler/addressable-2.8.0

privacyguides:freddy-m-patch-3

privacyguides:pr-add_RemoveMyPhone_sponsor

privacyguides:pr-browser_cleanup_1257_1328_1430

privacyguides:freddy-m-patch-2

privacyguides:freddy-m-patch-1

privacyguides:pr-vpn_hated_one_video

privacyguides:cdn

privacyguides:update-nitrohorse-image

privacyguides:promote-metager-to-card

privacyguides:hardware

privacyguides:pr-add_azirevpn

privacyguides:pr-add_mailfence

privacyguides:shop

privacyguides:1673

privacyguides:pr/1658

privacyguides:i18n-simple

privacyguides:sponsorship-edits-nov2019

privacyguides:i18n

privacyguides:ipfs

privacyguides:blacklight447-ptio-patch-3

privacyguides:blog

privacyguides:remove-windows-icons

privacyguides:pr/1147

privacyguides:i18n-testing

privacyguides:add-beautify

Conversation 5 Commits 1 Files Changed 1 -1

jonah commented 2019-03-30 18:24:02 +00:00

Owner

Copy Link

We are going to move off of CloudFlare to an Nginx server we control that will reverse proxy to the GitHub Pages host. Essentially we will be acting in the exact same way CloudFlare currently does for us, but under our control.

We need to start by serving this site on privacytoolsio.github.io/privacytools.io instead of www.privacytools.io so we can actually implement this server side (which is what this commit accomplishes). Once we move to the new DNS infrastructure we will point the main domain to our Nginx server and get Let's Encrypt installed. Hopefully this will be accomplished with minimal downtime.

Obviously, don't merge this until the backend is ready.

---

Resolves: #374

We are going to move off of CloudFlare to an Nginx server we control that will reverse proxy to the GitHub Pages host. Essentially we will be acting in the exact same way CloudFlare currently does for us, but under our control. We need to start by serving this site on `privacytoolsio.github.io/privacytools.io` instead of `www.privacytools.io` so we can actually implement this server side (which is what this commit accomplishes). Once we move to the new DNS infrastructure we will point the main domain to our Nginx server and get Let's Encrypt installed. Hopefully this will be accomplished with minimal downtime. Obviously, don't merge this until the backend is ready. --- Resolves: #374

ghost commented 2019-03-30 18:31:30 +00:00 (Migrated from github.com)

Author

Owner

Copy Link

Why not just let GH take care of everything?

Why not just let GH take care of everything?

jonah commented 2019-03-30 18:51:39 +00:00

Author

Owner

Copy Link

@Shifterovich that’s something I thought about, but this is my thinking...

1. If we just let GH handle it, GitHub will have access to all their access logs of course and will be able to see Visitor IPs. If we proxy it, GH will only be able to see our IP, which is better from our user’s privacy perspective. And
2. If we proxy it, we can enable all the custom headers we want, which will help with #792, #151, etc. We can also do better browser caching for attachments.

Thoughts?

Edit: also GitHub will take a while to get an SSL certificate probably, if it doesn’t have one already for this domain (I can’t check, not a repo admin). That’d be a lot of downtime if we had to wait for their servers to catch up.

Also ideally we'll eventually stop relying on GitHub at all, and this would make that transition easier. But that's long-term.

GitHub will still be handling everything behind the scenes to be clear, it'll just be User --> Our Server --> GitHub Pages

@Shifterovich that’s something I thought about, but this is my thinking... 1. If we just let GH handle it, GitHub will have access to all their access logs of course and will be able to see Visitor IPs. If we proxy it, GH will only be able to see our IP, which is better from our user’s privacy perspective. And 2. If we proxy it, we can enable all the custom headers we want, which will help with #792, #151, etc. We can also do better browser caching for attachments. Thoughts? Edit: also GitHub will take a while to get an SSL certificate probably, if it doesn’t have one already for this domain (I can’t check, not a repo admin). That’d be a lot of downtime if we had to wait for their servers to catch up. Also ideally we'll eventually stop relying on GitHub at all, and this would make that transition easier. But that's long-term. GitHub will still be handling everything behind the scenes to be clear, it'll just be User --> Our Server --> GitHub Pages

ghost commented 2019-03-30 19:37:03 +00:00 (Migrated from github.com)

Author

Owner

Copy Link

If that's something @BurungHantu1605 can set up and maintain, sure, I see the benefits.

Using just GH is the easiest solution. For me personally, the convenience outweighs the few drawbacks (like custom headers and GH having log access).

If that's something @BurungHantu1605 can set up and maintain, sure, I see the benefits. Using just GH is the easiest solution. For me personally, the convenience outweighs the few drawbacks (like custom headers and GH having log access).

jonah commented 2019-03-30 19:49:47 +00:00

Author

Owner

Copy Link

@BurungHantu1605 and I are setting up servers for stuff like Searx and Mastodon and DNS so this is just included in all of that work.

@BurungHantu1605 and I are setting up servers for stuff like [Searx](https://search.privacytools.io/) and [Mastodon](https://social.privacytools.io/) and DNS so this is just included in all of that work.

jonah commented 2019-03-31 00:38:39 +00:00

Author

Owner

Copy Link

This won't be necessary for the new plan :)

This won't be necessary for the new plan :)

This repo is archived. You cannot comment on pull requests.

Reviewers

No Reviewers

Labels

Clear labels

🔍🤖 Search Engines

approved

approved, waiting for a PR

dependencies

Pull requests that update a dependency file

duplicate

feedback wanted

high priority

I2P

The Invisible Internet Project (I2P)

iOS

low priority

OS

Operating Systems

Self-contained networks

Social media

stale

A label for stalebot if it gets added

streaming

Anything related to media streaming.

todo

Tor

Anything covering the Tor network

WIP

active work in progress, do not merge or PR (yet)!

wontfix

Issues or bugs that will not be fixed and/or do not have significant impact on the project.

XMPP

Extensible Messaging and Presence Protocol

[m]

Matrix protocol

₿ cryptocurrency

ℹ️ help wanted

↔️ file sharing

⚙️ web extensions

Browser Extension related issues

✨ enhancement

❌ software removal

💬 discussion

🤖 Android

🐛 bug

💢 conflicting

📝 correction

Correction of content on the website

🆘 critical

📧 email

🔒 file encryption

📁 file storage

🦊 Firefox

Firefox & forks, about:config etc.

💻 hardware

🌐 hosting

🏠 housekeeping

Anything primarily related to site cleanup.

🔐 password managers

🧰 productivity tools

🔎 research required

🌐 Social News Aggregators

🆕 software suggestion

👥 team chat

🔒 VPN

Virtual Private Network

🌐 website issue

*Technical* issues with the website.

🚫 Windows

👁️ browsers

🖊️ digital notebooks

🗄️ DNS

Domain Name System

🗨️ instant messaging (im)

🇦🇶 translations

Anything covering a translated version of the site

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

jonah

No Assignees

1 Participants

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#794

No description provided.