piss

entries

  1. Add SSL to your personal website
    Seth Ladd's Blog
  2. Dynamically load package contents with Dart's new Resource class
    Seth Ladd's Blog
  3. New Dart SDK helps eliminates symlinks
    Seth Ladd's Blog
  4. Null-aware operators in Dart
    Seth Ladd's Blog
  5. Formatting Dart code before every git commit
    Seth Ladd's Blog
  6. I ported a JavaScript app to Dart. Here's what I learned.
    Seth Ladd's Blog
  7. Speed Up Your Dart App's Initial Load With This Transformer
    Seth Ladd's Blog
  8. Angular and Polymer Data Binding, Together!
    Seth Ladd's Blog
  9. How to shrink the size of your Dart app when compiled to JavaScript
    Seth Ladd's Blog
  10. Compile-time dead code elimination with dart2js
    Seth Ladd's Blog
  11. Forms, HTTP servers, and Polymer with Dart
    Seth Ladd's Blog
  12. JavaZone Report. Spoiler: Awesome.
    Seth Ladd's Blog
  13. You complete me, unless you already have a Dart future
    Seth Ladd's Blog
  14. Polymer and Dart: A First Look
    Seth Ladd's Blog
  15. Two-way data binding with Web UI custom elements and models
    Seth Ladd's Blog
  16. Dart and Sencha Touch for Mobile Web Apps
    Seth Ladd's Blog
  17. Create unified interfaces across dart:io and dart:html
    Seth Ladd's Blog
  18. Call JavaScript from Dart - First Look
    Seth Ladd's Blog
  19. Forms, HTTP servers, and Web Components with Dart
    Seth Ladd's Blog
  20. Watch the video from What's New in Dart from Google I/O 2013
    Seth Ladd's Blog
  21. Lazy Load Libraries in Dart
    Seth Ladd's Blog
  22. Dynamically Load Code with Dart
    Seth Ladd's Blog
  23. 6 Dart FAQs - Answered!
    Seth Ladd's Blog
  24. First Look at Dart Mixins
    Seth Ladd's Blog
  25. Dart on FLOSS Weekly from TWiT Network
    Seth Ladd's Blog

Add SSL to your personal website

Seth Ladd's Blog

source

Give yourself a gift this holiday season, and add SSL to your personal site. The web is going secure, and it's time to be part of the solution. This article details how I turned on SSL&nbsp;+ custom domains, plus automated deploys, for my <a href="https://sethladd.com/">personal site</a> for the cost of a domain (which I already had) and $5/year. Read on!<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <img border="0" height="186" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitMAgaACVd5748-A8z9Wpg3A7rQiEuQ2XgsHCREI12jnCPIbBhHg95wZzlQkNMqHuMCwmqrj7jNRDQlj9skvbf_5umDjwfzNXMcKC5PNiZB2bQDYVR9QRDKwv82LEZlpnOsEnDXuB15UWB/s400/Screen+Shot+2015-12-21+at+7.54.20+PM.png" width="400" /></div> <br /> Turns out, it's easier (and more affordable!) than you think to add SSL to your website. But first, why bother? There are lots of reasons why you should care about adding SSL:<br /> <br /> <ul> <li>Search engines are preferring SSL</li> <li>New web APIs (like service worker) mandate SSL</li> <li>Users trust SSL</li> <li>Bonus: SSL can help enable HTTP/2 on some servers</li> </ul> <div> Your setup will vary, so look for the easiest/shortest path to SSL for your particular site. Everyone has factors they want to optimize for. Here's what I was trying to optimize, as I looked for a solution.</div> <div> <br /></div> <div> I needed a solution that was:</div> <div> <ul> <li>Affordable</li> <ul> <li>The solution should be very, very affordable. Affordable, in this context, means "as close to free as possible". My personal website is <i>extremely</i> low traffic. It doesn't make sense for me to pay a lot of money for something so small.</li> </ul> <li>Easy</li> <ul> <li>I don't have time to manage my personal site. The solution has to be simple and quick.</li> </ul> <li>Sustainable</li> <ul> <li>Because I don't have time to manage my site, I need a solution that is "set and forget" for as long as possible.</li> </ul> <li>GitHub friendly</li> <ul> <li>My site's source is on GitHub, and I needed a hosting+SSL solution that integrated with a "push to deploy" model.</li> </ul> <li>Static file friendly</li> <ul> <li>My personal site is extremely simple. I don't need anything other than a few static files.</li> </ul> <li>Works with Custom Domains</li> <ul> <li>I want to use my own domain.</li> </ul> </ul> <div> I looked at a lot of options. Here's what <i>didn't</i> work for me, for a variety of reasons. They may work for you.</div> </div> <div> <br /></div> <div> <ul> <li>Managing my own VPS (e.g. on Digital Ocean or EC2).</li> <ul> <li>This option completely rules out easy and sustainable. Manual configuration of servers, or keeping linux distros up to date, are two things I absolutely do not want to be doing.</li> </ul> <li>Google Cloud Storage</li> <ul> <li>GCS does serve static files, and even supports custom domains. However, they don't support custom domains <i>and</i> SSL. Bummer. It also doesn't support basic static file hosting feature like redirects, so it's probably not an option anyway.</li> </ul> <li>GitHub Pages</li> <ul> <li>Great integration with GitHub (of course :), but don't they don't support custom domains <i>and</i> SSL. They support custom domains, and SSL via the github.io domain, just not custom domains and SSL together at the same time.</li> </ul> <li>Amazon Web Services</li> <ul> <li>I'm not aware of an AWS product that meets my needs. Maybe they have some awesome static file server with custom domains and SSL and git integration? I didn't see one.</li> </ul> <li>Firebase Static Hosting</li> <ul> <li>This open is actually really good, and it was almost my solution. Their setup is very simple, they support custom domains and SSL, and they have decent GitHub integration (it requires just a little bit of scripting to deploy after a push). The only downside is that it costs $5/month for custom domains (but, the certificate is free and provided by Firebase). $60/year is a small price, especially considering the Firebase gives you an SSL certificate for free! Also, their static hosting is very good: they give you configuration options for redirects, custom 404 pages, and more. It's a very good option for most people. But, if $60/year is an issue (and it was hard for me to justify $60/year for a site that maybe serves 60 pages a year :), keep reading.</li> <li>I should also note that it doesn't appear that Firebase supports IPv6 hosting. At least, their instructions didn't tell me to add IPv6 addresses to my DNS. This is probably a minor thing.</li> </ul> </ul> <div> The hosting option that <i>did</i> work for me, after a lot of searching and reading, was: Google App Engine.</div> </div> <div> <br /></div> <div> Google App Engine has a few things that made it a winner for me:</div> <div> <ul> <li>A completely free tier.</li> <ul> <li>My personal site is way, way, way under the free tier limits.</li> </ul> <li>Runs itself</li> <ul> <li>App Engine just keeps on trucking, especially for a simple static site.</li> </ul> <li>Custom domains</li> <ul> <li>No need to upgrade to a paid tier to get this feature.</li> </ul> <li>Custom certificates</li> <ul> <li>You need to upload your own certification, but you don't need to upgrade to a paid tier to get this feature.</li> </ul> <li>Fine for simple static sites</li> <ul> <li>For just a few pages, App Engine's configuration is decent. It's not as simple as Firebase's, but I don't anticipate needing redirects.</li> </ul> <li>Can be deployed from a push to GitHub</li> <ul> <li><a href="https://travis-ci.org/">Travis</a> to the rescue! The free Travis CI system can trigger a deploy to App Engine, when you push to GitHub.</li> </ul> <li>Support for "naked domains"</li> <ul> <li>App Engine can now serve http://example.com. For the longest time, they request a subdomain, but naked domains now work.</li> </ul> <li>Supports IPv6</li> <ul> <li>Because future.</li> </ul> </ul> <div> Google App Engine isn't perfect. If you want to do any redirects, you need to start writing Python. And it's not obvious how to setup App Engine for pure static hosting, nor is App Engine the simplest way to serve a static site (e.g. it's not good at recognizing optional trailing slashes in URL paths), but it can be done.</div> <div> <br /></div> <div> The next question was: where do I get an inexpensive SSL certificate? I looked around, and there are a lot of options and resellers. I purchased a three-year personal cert from https://ssls.com for a total of $15. That's 1/4 the price of one year of hosting with Firebase. The fact that I found a very affordable SSL cert is what really made App Engine a winner for me.</div> </div> <div> <br /></div> <div> I assume you know about GitHub, how to get an App Engine account, and how to connect Travis to automate the builds. I know this looks like a lot of steps, but, remember, I'm doing three things here: custom domains, SSL, and automated deploys.</div> <div> <br /></div> <div> Here's a list of docs and some manual steps that helped me get my personal website setup for custom domain, SSL, and automated deploys from GitHub:</div> <div> <ul> <li><a href="https://cloud.google.com/appengine/docs/python/console/using-custom-domains-and-ssl">Custom domains and SSL for App Engine</a></li> <ul> <li>Helps you link your domain to App Engine and walks you through generating the necessary files for the certificate.</li> </ul> <li><a href="https://www.ssls.com/">Affordable personal SSL certs from ssls.com</a></li> <ul> <li>I purchased a "PositiveSSL" cert with a three-year expiration.</li> <li>Generate a CSR by running&nbsp;<i>openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr</i>&nbsp;in a temp directory</li> <ul> <li>Tips for answering the questions:&nbsp;<a href="https://www.ssls.com/user/certificates/activate/4123421">https://www.ssls.com/user/certificates/activate/4123421</a></li> </ul> <li>Upload the CSR to your certificate vendor</li> <li>You may need to perform additional verification steps. For example, I had to verify that I owned by domain by uploading a file to a special location on my server that serves my domain name.</li> </ul> <li>Generating a service account from the Google Cloud Console</li> <ul> <li>You can create a Service Account by going to the Google Cloud Console, go to “APIs &amp; auth” -&gt; “Credentials”, then click “Add Credential” and “Service Account”, finally clicking “JSON” to download the JSON key.</li> </ul> <li>Encrypting the JSON key</li> <ul> <li>Install the travis command-line utils:&nbsp;<i>sudo gem install travis -v 1.8.0 --no-rdoc --no-ri</i></li> <li>run: <i>cd&nbsp;your_website_dir</i></li> <li>run: <i>cp&nbsp;</i><i>path/to/downloaded/cloud/service_account.json .</i></li> <li>run:&nbsp;<i>travis login --auto</i></li> <li>run:&nbsp;<i>travis encrypt-file service_account.json --add</i></li> <li>run: <i>rm service_account.json</i></li> <ul> <li>DO NOT check this file in! Only check in the encrypted version.</li> </ul> </ul> <li><a href="https://github.com/sethladd/sethladd-site/blob/master/.travis.yml">My .travis.yml file</a>&nbsp;which kicks off the deploy script</li> <ul> <li>Grab this, and add it to your project (or, diff it with your existing .travis.yml file and add the relevant lines).</li> </ul> <li><a href="https://github.com/sethladd/sethladd-site/blob/master/travis.sh">My travis.sh script</a> which is the actual deploy script</li> <ul> <li>This has the logic to download the Google Cloud SDK, configuration authentication, and perform the actual deploy.</li> </ul> <li><a href="https://github.com/sethladd/sethladd-site/blob/master/app.yaml">My app.yaml</a> which configures my app for App Engine</li> <ul> <li>I had to remove some values, in order to work with the new gcloud command. For example, I had to remove the <i>application</i>&nbsp;and <i>version</i>&nbsp;keys from this file (they are set in travis.sh now, via gcloud).</li> </ul> <li>Turning on App Engine Admin API and&nbsp;Google Cloud Storage JSON API in the "API Manager" of the Google Cloud Console.</li> <ul> <li>None of the docs I found told me to do this. Took me a while to figure this part out!</li> </ul> </ul> <div> <br /></div> </div> <div> If you don't mind spending $60/year for hosting with a custom domain and SSL, consider Firebase. It's significantly less steps.</div>