On Tuesday I posted a question -- how to serve HTTPS from an S3 bucket?
Several people suggested using CloudFront or CloudFlare. So yesterday I tried both.
These are not reviews. I'm just briefly reporting the results. I'm an HTTPS newbie. I'm looking for more info, and other options.
CloudFront is an Amazon service. Setup takes about five minutes, then about 20 minutes for them to provision it.
First, I set up a new bucket called tmp.scripting.com. I put a single file in it, hello.html, which contains a single line of JS, alert ("Hello World").
Then I went to the CloudFront panel in AWS, and created a new distribution. There's a big dialog with lots of options, but most of the defaults are fine. Choose one of your buckets, it assigns a domain name for you to use to access your distribution. You can provide a CNAME -- I did -- testsecure.scripting.com, pointing to the domain they provided. You can choose HTTPS, which I did (the point of the experiment). I don't have a certificate, and I am new to HTTPS.
I was able to access hello.html via ordinary HTTP, and over HTTPS using Amazon's domain, but not using my domain. This method will not work for hosting Fargo in a bucket that can be accessed over HTTPS without (as I understand it) spending $600 a month.
Sticker shock. I wish the big companies had left OAuth as-is, complicated for sure, but widely deployed. An individual developer can't spend that much money to jump through a hoop for large platform companies.
This service may be closer to doing what I need, but to find out I have to give them my credit card info, and I wish I didn't have to do that just to find out if it would work.
CloudFlare wants a whole domain to play with, which isn't a problem -- I have many that I'm not doing anything with. I gave them one and created a sub-domain, put an index file in it, a static HTML page that says hello.
To set it up, you go through a series of steps where you turn over DNS to them.
Now, it's not clear that they actually did anything -- because when I access the page I get the same headers that I got before I CloudFlare'd it.
Regardless, to get HTTPS you have to give them $20 a month. And it's not clear if that's on top of the $600 per month you have to pay for the certificate. (My guess that it is.)