Support HTTPS delivery of web-app
Consider what is required to serve the web-app over HTTPS.
Blueprint information
- Status: Started
- Approver: None
- Priority: Undefined
- Drafter: None
- Direction: Needs approval
- Assignee: None
- Definition: Discussion
- Series goal: None
- Implementation: Deployment
- Milestone target: rc1
- Started by: Thomi Richards
- Completed by:
Whiteboard
We need to support delivering the web-app over HTTPS. We're currently sending user details over HTTP (clear-text!).
A better solution is to serve the web-app with Apache for production installs, and continue to use pasteDeploy for development builds. This will require several changes:
* Change the Debian package to depend on apache2, and install config files to make Apache serve the sloecode web-app.
* Ensure the web-app works with HTTPS as well as it does with HTTP. This should be a no-op, since we don't hard-code any URL paths (however, url-for may require tweaking?).
* Somehow ask the user whether they want to use HTTP or HTTPS when they install the package, and remember their choice for subsequent package upgrades. If they pick HTTPS, provide a set of self-signed SSL certs, and allow the user to replace them with their own.
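One way to check the second item, that the web-app emits no hard-coded `http://` URLs once it is served over HTTPS, is to call the WSGI application with an HTTPS environ and scan what comes back. This is an added example, not sloecode code: `sample_app`, `find_insecure_urls` and the host name `code.example.test` are hypothetical, and the sample app is constructed with two deliberate defects so the check has something to find.

```python
import re
from wsgiref.util import application_uri, setup_testing_defaults

HTTP_URL = re.compile(r"http://[^\s\"'<>]+")

def sample_app(environ, start_response):
    """Constructed stand-in app; not the sloecode web-app."""
    path = environ["PATH_INFO"]
    if path == "/old":
        # Defect: redirect target hard-codes the scheme.
        target = "http://%s/login" % environ["HTTP_HOST"]
        start_response("302 Found", [("Location", target)])
        return [b""]
    # application_uri() follows wsgi.url_scheme, so this link tracks the scheme.
    base = application_uri(environ).rstrip("/")
    body = '<a href="/login">login</a> <a href="%s/repos">repos</a>' % base
    if path == "/bad":
        # Defect: form posts credentials to a hard-coded http:// URL.
        body += '<form action="http://%s/login">' % environ["HTTP_HOST"]
    start_response("200 OK", [("Content-Type", "text/html")])
    return [body.encode("utf-8")]

def find_insecure_urls(app, path="/", host="code.example.test"):
    """Call a WSGI app as if served over HTTPS; return http:// URLs it emits."""
    environ = {"PATH_INFO": path, "HTTP_HOST": host, "SERVER_NAME": host,
               "SERVER_PORT": "443", "wsgi.url_scheme": "https"}
    setup_testing_defaults(environ)  # fills remaining keys, keeps ours
    headers = []

    def start_response(status, response_headers, exc_info=None):
        headers.extend(response_headers)

    body = b"".join(app(environ, start_response)).decode("utf-8", "replace")
    found = HTTP_URL.findall(body)
    found += [v for k, v in headers
              if k.lower() == "location" and v.startswith("http://")]
    return found

if __name__ == "__main__":
    for p in ("/", "/bad", "/old"):
        print(p, find_insecure_urls(sample_app, p))
```

An empty result for every route is what "no-op" would look like; any hit is a place where a login form or redirect would fall back to clear-text.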