Comments (4)
Sounds fine with me, but we need to tell people how to get DNS address as
well.
On Tue, May 31, 2016, 10:43 Halvdan Hoem Grelland [email protected]
wrote:
We aren't doing anyone any favours by bundling the snakeoil certs on
install: they are useless for production and https is unnecessary for
dev/training, especially since browsers complain pretty loudly about fake
certs.If we need to bundle an HTTPS setup we could (optionally) include a setup
for Let's encrypt https://letsencrypt.com which issues free 3 month
certificates and comes with client software to enable pain free
auto-renewal. This solution provides free and painless LEGIT certificates
for the DHIS2 instance.Of course, the cert needs to be configured for an actual domain, which
makes the whole ordeal a bit more complicated... Maybe writing a short
guide setup with dhis2/nginx would suffice?—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#13, or mute the thread
https://github.com/notifications/unsubscribe/AC1J_allk34JFCmKl-i2y2WuwTPe0-MFks5qHEkRgaJpZM4Iqm17
.
from dhis2-tools.
A few quick thoughts.
- Jason had previously raised the suggestion of lets encrypt. Its not a
bad idea - good that the issue has been documented. - it not that we exactly bundle snakeoil certs. Either way my feeling at
the time was that it is better than the default install being http. I
think in fact it has been quite effective in forcing folk to get properly
ssl/tls enabled when they wouldn't have done otherwise. In that sense I
think we might actually have done some favours :-) - I have had mixed feelings from the start about having a dhis2-nginx
script at all. As I see it, it is actually outside of the scope of setting
up the tomcat containers and nginx isn't even a dependency of the package.
Both nginx and postgresql are not necessarily part of the same machine
scope. I'd be happy to simply remove it and retain some up to date sample
files which users might or might not find useful. In my experience the
nginx configuration tends to get fairly rapidly customised anyway.
dhis2-nginx is just really a lazy way to get started.
So your question "If we need to bundle an HTTPS setup .." is the most
important. I am not sure we do. Having some skeleton samples might still
be useful. Though for any kind of automated setup some kind of (probably
more sophisticated) script would still be required. Feel free to
contribute.
It would also be quite easy to open a second connector on tomcat for
handling http requests which might be useful in training. My fear would be
that it would simply open the way for folk to revert to using http in
production.
Note that most training in country environments make use of copies of the
production database so i wouldn't encourage the view that training is risk
free.
I am open to suggestions.
On 31 May 2016 at 16:18, Jason Pickering [email protected] wrote:
Sounds fine with me, but we need to tell people how to get DNS address as
well.On Tue, May 31, 2016, 10:43 Halvdan Hoem Grelland <
[email protected]>
wrote:We aren't doing anyone any favours by bundling the snakeoil certs on
install: they are useless for production and https is unnecessary for
dev/training, especially since browsers complain pretty loudly about fake
certs.If we need to bundle an HTTPS setup we could (optionally) include a setup
for Let's encrypt https://letsencrypt.com which issues free 3 month
certificates and comes with client software to enable pain free
auto-renewal. This solution provides free and painless LEGIT certificates
for the DHIS2 instance.Of course, the cert needs to be configured for an actual domain, which
makes the whole ordeal a bit more complicated... Maybe writing a short
guide setup with dhis2/nginx would suffice?—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#13, or mute the thread
<
https://github.com/notifications/unsubscribe/AC1J_allk34JFCmKl-i2y2WuwTPe0-MFks5qHEkRgaJpZM4Iqm17.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#13 (comment),
or mute the thread
https://github.com/notifications/unsubscribe/ABFTq4bYu3XowVQvS6XXv-ytlyxyrqkBks5qHFFBgaJpZM4Iqm17
.
from dhis2-tools.
Provided Let' Encrypt guide in eb938ce. Maybe I should update it with DNS explanation/tips?
from dhis2-tools.
Great work!
from dhis2-tools.
Related Issues (20)
- Some manpages are missing HOT 1
- Building manual pages on Ubuntu 16.04 HOT 1
- problems with instance names with dashes HOT 2
- instance pid process not removed/killed HOT 1
- dhis2-list-instances HOT 1
- dhis2-remove-instance HOT 1
- nginx improvements HOT 1
- dhis2-instance-backup HOT 1
- dhis2-instance-restore HOT 1
- dhis2-instance-rename HOT 1
- phppgadmin HOT 1
- proxy env variables HOT 1
- unique name for /tmp/dhis2.war download.
- sudoers file is too liberal
- dhis2-deploywar - default is dangerous HOT 1
- Add support for distro 17.04 (Ubuntu-yakkety) HOT 2
- Makepasswd does not work on certain VMs causing DHIS2 tools to hang. HOT 2
- Oracle Java (JDK) 8 Installer PPA (DISCONTINUED) HOT 1
- need to upgrade docs to docbook 5 HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dhis2-tools.