HTTPS exploration continues

On Tuesday I posted a question -- how to serve HTTPS from an S3 bucket?

Several people suggested using CloudFront or CloudFlare. So yesterday I tried both.

These are not reviews. I'm just briefly reporting the results. I'm an HTTPS newbie. I'm looking for more info, and other options.

CloudFront

  • CloudFront is an Amazon service. Setup takes about five minutes, then about 20 minutes for them to provision it.

  • First, I set up a new bucket called tmp.scripting.com. I put a single file in it, hello.html, which contains a single line of JS, alert ("Hello World").

  • Then I went to the CloudFront panel in AWS, and created a new distribution. There's a big dialog with lots of options, but most of the defaults are fine. Choose one of your buckets, it assigns a domain name for you to use to access your distribution. You can provide a CNAME -- I did -- testsecure.scripting.com, pointing to the domain they provided. You can choose HTTPS, which I did (the point of the experiment). I don't have a certificate, and I am new to HTTPS.

  • I was able to access hello.html via ordinary HTTP, and over HTTPS using Amazon's domain, but not using my domain. This method will not work for hosting Fargo in a bucket that can be accessed over HTTPS without (as I understand it) spending $600 a month.

  • Sticker shock. I wish the big companies had left OAuth as-is, complicated for sure, but widely deployed. An individual developer can't spend that much money to jump through a hoop for large platform companies.

  • Hope we can do something to lower the barrier for independent developers. Amazon or Dropbox could do something here. My opinion: removing barriers to deploying static JavaScript apps is good for business.

CloudFlare

  • This service may be closer to doing what I need, but to find out I have to give them my credit card info, and I wish I didn't have to do that just to find out if it would work.

  • CloudFlare wants a whole domain to play with, which isn't a problem -- I have many that I'm not doing anything with. I gave them one and created a sub-domain, put an index file in it, a static HTML page that says hello.

  • To set it up, you go through a series of steps where you turn over DNS to them.

  • Now, it's not clear that they actually did anything -- because when I access the page I get the same headers that I got before I CloudFlare'd it.

  • Regardless, to get HTTPS you have to give them $20 a month. And it's not clear if that's on top of the $600 per month you have to pay for the certificate. (My guess that it is.)


Last built: Thu, Apr 17, 2014 at 10:38 PM

By Dave Winer, Thursday, December 19, 2013 at 9:07 AM. We don't need no stinkin rock stars.