grails-core icon indicating copy to clipboard operation
grails-core copied to clipboard
verified publisher icon grails

Update Grails Subdomains pointed to GitHub Pages to use HTTPS provided by GitHub instead of Cloudflare

Open jamesfredley opened this issue 7 months ago • 4 comments

Issue description

This will simplify the Grails.org domain and DNS move to ASF. Most of the ~43TB/month in bandwidth comes from documentation.

Repos Not migrated to Apache: async.grails.org. 1 IN CNAME grails.github.io. ; cf_tags=cf-proxied:true - https://github.com/grails/grails-async/settings/pages

gsp.grails.org. 1 IN CNAME grails.github.io. ; cf_tags=cf-proxied:true - https://github.com/grails/grails-gsp/settings/pages

guides.grails.org. 1 IN CNAME grails.github.io. ; cf_tags=cf-proxied:true - https://github.com/grails-guides/grails-guides-template/settings/pages

slack-signup.grails.org. 1 IN CNAME grails.github.io. ; cf_tags=cf-proxied:true - https://github.com/grails/grails-slack-redirect/settings/pages

testing.grails.org. 1 IN CNAME grails.github.io. ; cf_tags=cf-proxied:true - https://github.com/grails/grails-testing-support/settings/pages

Repos Migrated to Apache: docs.grails.org. 1 IN CNAME grails.github.io. ; cf_tags=cf-proxied:true - https://github.com/apache/grails-doc/settings/pages

gorm.grails.org. 1 IN CNAME grails.github.io. ; cf_tags=cf-proxied:true - https://github.com/apache/grails-data-mapping/settings/pages

start.grails.org. 1 IN CNAME grails.github.io. ; cf_tags=cf-proxied:true - https://github.com/apache/grails-forge-ui/settings/pages

views.grails.org. 1 IN CNAME grails.github.io. ; cf_tags=cf-proxied:true - https://github.com/apache/grails-views/settings/pages

Special due to www and non-www root, both with be cname to grails.github.io. and github handles the redirect. grails.org is the main grails.org. 1 IN CNAME grails.github.io. ; cf_tags=cf-proxied:true - https://github.com/apache/grails-static-website/settings/pages www.grails.org. 1 IN CNAME grails.org. ; cf_tags=cf-proxied:true

https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/managing-a-custom-domain-for-your-github-pages-site

Example:

https://github.com/grails-guides/grails-guides-template/settings/pages

Remove proxy in cloudflare, then enable Enforce HTTPS in GitHub

Image

GitHub Pages requires direct DNS resolution to its servers to issue and renew SSL certificates via Let's Encrypt.

When Cloudflare's proxy is enabled, DNS queries resolve to Cloudflare's IPs instead of GitHub's, causing GitHub to fail the DNS check and display the error: "Enforce HTTPS — Unavailable for your site because your domain is not properly configured to support HTTPS."

Cloudflare's proxy also complicates certificate renewal, as GitHub cannot access the necessary Let's Encrypt challenge endpoints (e.g., /.well-known/acme-challenge/).

jamesfredley avatar May 09 '25 18:05 jamesfredley

https://oci-osf.atlassian.net/servicedesk/customer/portal/3/OO-46?created=true

jamesfredley avatar May 21 '25 22:05 jamesfredley

Image

jamesfredley avatar May 28 '25 16:05 jamesfredley

Image

jamesfredley avatar May 28 '25 17:05 jamesfredley

Image

jamesfredley avatar May 28 '25 17:05 jamesfredley