Mark Smith ([staff profile] mark) wrote in [site community profile] dw_dev, 2019-06-02 02:29 pm

SSL is dead, long live SSL

FYI - SSL configuration is gone as of this kind of big diff.

These days, no web site should be running without SSL. If you are on the Internet, providing a service, you should be protecting your user traffic. Certificates are free (letsencrypt!), proxies are cheap (Cloudflare!), and CPU is abundant with hardware support for crypto. The fact that we still had things like $LJ::USE_SSL is a mis-feature.

(Not to mention it was insanely confusing trying to figure out what $LJ::HTTPS_EVERYWHERE meant compared to $LJ::ALL_TRAFFIC_IS_SSL...)

Anyway, it's all gone now. Dreamwidth will just handle whatever traffic you give it and will use whatever $LJ::SITEROOT you set. The recommended configuration is now to set your $LJ::SITEROOT to be secure (https://...) and set up certificates on your proxy service of choice. Given that nobody is actually running Dreamwidth besides us, though, this is sort of left as an exercise to the reader -- but feel free to ask questions if you have any, we can probably give some advice on how we've set it up.

[personal profile] foxfirefey 2019-06-25 03:32 am (UTC)
In case anybody else is wondering how one indicates one is going to be a lil trashy on security for their development installations, I added instructions to the scratch installation page; you just have to add this to your local config:

$PROTOCOL = "http";