Support HTTPS delivery of web-app

Registered by Thomi Richards on 2011-05-19

Consider what is required to serve the web-app over HTTPS.

Blueprint information

Status:
Started
Approver:
None
Priority:
Undefined
Drafter:
None
Direction:
Needs approval
Assignee:
None
Definition:
Discussion
Series goal:
None
Implementation:
Deployment
Milestone target:
milestone icon rc1
Started by
Thomi Richards on 2011-06-28

Related branches

Sprints

Whiteboard

We need to support delivering the web-app over HTTPS. We're currently sending user details over HTTP (clear-text!)

A better solution is to serve the web-app with apache for production installs, and continue to use pasteDeploy for development builds. This will require several changes:

 * Change debian package to depend on apache2, and install config files to make apache serve the sloecode web-app.

 * Ensure the web-app works with https as well as it does with http - this should be a no-op, since we don't hard code any URL paths (however, url-for may require tweaking?).

 * Somehow ask the user if they want to use HTTP or HTTPS when they install the package. Remember their choice for subsequent package upgrades. If they pick HTTPS, provide a set of self-signed SSL certs, and allow the user to replace them with their own.

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.