hugo-deploy
End-to-end encryption
Right now I'm using CloudFlare with Flexible SSL. I would like to do better, especially if I ever have any user forms on a site.
Flexible SSL: There is an encrypted connection between your website visitors and CloudFlare, but not from CloudFlare to your server.
S3 supports HTTPS, but only for subdomains without dots in them (e.g. hugo-deploy but not nathany.com).
However, S3's static website hosting doesn't appear to support HTTPS.
https://hugo-deploy.s3.amazonaws.com/index.html works
https://hugo-deploy.s3-website-us-east-1.amazonaws.com doesn't resolve
As far as I can tell, it's the same situation for Google Cloud Storage. And with GCS there is the question of whether or not the site would be available everywhere, as well as not having CDN $ pricing.
Amazon CloudFront may do the trick, if cache is invalidated automatically in s3up (https://github.com/nathany/s3up/issues/6), but it lacks HTTP/2.
An alternative is to run Caddy on a server somewhere (Google Container Engine, Digital Ocean, Linode) with Let's Encrypt for the certs. With or without CloudFlare in front.
https://aws.amazon.com/about-aws/whats-new/2016/09/amazon-cloudfront-now-supports-http2/
CloudFront and ACM: https://github.com/dcarley/dan.carley.co/tree/master/terraform
https://github.com/pkazmierczak/piotrkazmierczak.com/blob/master/.travis.yml
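The dotted-bucket limitation mentioned in the issue follows from TLS wildcard matching, where `*` covers exactly one DNS label. The following is an added example, not code from the issue or from hugo-deploy, that runs Go's standard hostname check against a certificate assumed to carry `*.s3.amazonaws.com`; the certificate names and the helper names `virtualHost` and `httpsHostnameOK` are assumptions made for illustration.

```go
package main

import (
	"crypto/x509"
	"fmt"
)

// s3CertNames are the DNS names assumed to be on the certificate served by
// the S3 REST endpoint. This is an assumption for the example, not a value
// taken from the page.
var s3CertNames = []string{"*.s3.amazonaws.com", "s3.amazonaws.com"}

// virtualHost returns the virtual-hosted-style hostname for a bucket.
func virtualHost(bucket string) string {
	return bucket + ".s3.amazonaws.com"
}

// httpsHostnameOK reports whether a TLS client would accept the assumed
// certificate for the bucket's hostname. VerifyHostname is the same check
// crypto/tls applies to the server certificate during a handshake; it only
// inspects the names, so an unsigned in-memory certificate is enough here.
func httpsHostnameOK(bucket string) bool {
	cert := &x509.Certificate{DNSNames: s3CertNames}
	return cert.VerifyHostname(virtualHost(bucket)) == nil
}

func main() {
	// Bucket names from the issue: one without dots, one with.
	for _, b := range []string{"hugo-deploy", "nathany.com"} {
		fmt.Printf("%-12s %-30s hostname match: %v\n",
			b, virtualHost(b), httpsHostnameOK(b))
	}
}
```

A bucket named `nathany.com` produces a five-label hostname, so neither the wildcard nor the bare name on the assumed certificate matches and the client rejects the connection.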