HTTPS exploration continues

On Tuesday I posted a question — how to serve HTTPS from an S3 bucket?

Several people suggested using CloudFront or CloudFlare. So yesterday I tried both.

These are not reviews. I’m just briefly reporting the results. I’m an HTTPS newbie. I’m looking for more info, and other options.

CloudFront

  • CloudFront is an Amazon service. Setup takes about five minutes, then about 20 minutes for them to provision it.
  • First, I set up a new bucket called tmp.scripting.com. I put a single file in it, hello.html, which contains a single line of JS, alert (“Hello World”).
  • Then I went to the CloudFront panel in AWS, and created a new distribution. There’s a big dialog with lots of options, but most of the defaults are fine. Choose one of your buckets, it assigns a domain name for you to use to access your distribution. You can provide a CNAME — I did — testsecure.scripting.com, pointing to the domain they provided. You can choose HTTPS, which I did (the point of the experiment). I don’t have a certificate, and I am new to HTTPS.
  • I was able to access hello.html via ordinary HTTP, and over HTTPS using Amazon’s domain, but not using my domain. This method will not work for hosting Fargo in a bucket that can be accessed over HTTPS without (as I understand it) spending $600 a month.
  • Sticker shock. I wish the big companies had left OAuth as-is, complicated for sure, but widely deployed. An individual developer can’t spend that much money to jump through a hoop for large platform companies.
  • Hope we can do something to lower the barrier for independent developers. Amazon or Dropbox could do something here. My opinion: removing barriers to deploying static JavaScript apps is good for business.

CloudFlare

  • This service may be closer to doing what I need, but to find out I have to give them my credit card info, and I wish I didn’t have to do that just to find out if it would work.
  • CloudFlare wants a whole domain to play with, which isn’t a problem — I have many that I’m not doing anything with. I gave them one and created a sub-domain, put an index file in it, a static HTML page that says hello.
  • To set it up, you go through a series of steps where you turn over DNS to them.
  • Now, it’s not clear that they actually did anything — because when I access the page I get the same headers that I got before I CloudFlare’d it.
  • Regardless, to get HTTPS you have to give them $20 a month. And it’s not clear if that’s on top of the $600 per month you have to pay for the certificate. (My guess that it is.)
Advertisements

About Dave Winer

Dave Winer, 54, pioneered the development of weblogs, syndication (RSS), podcasting, outlining, and web content management software; former contributing editor at Wired Magazine, research fellow at Harvard Law School, entrepreneur, and investor in web media companies. A native New Yorker, he received a Master's in Computer Science from the University of Wisconsin, a Bachelor's in Mathematics from Tulane University and currently lives in Berkeley, California.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s