From mboxrd@z Thu Jan  1 00:00:00 1970
From: Roel Janssen <roel@gnu.org>
Subject: HTTPS for Hydra
Date: Thu, 04 Feb 2016 23:56:52 +0100
Message-ID: <8760y4ythn.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57943)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <roel@gnu.org>) id 1aRSo8-00024Y-1J
	for guix-devel@gnu.org; Thu, 04 Feb 2016 17:55:24 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <roel@gnu.org>) id 1aRSo4-0002Df-QN
	for guix-devel@gnu.org; Thu, 04 Feb 2016 17:55:23 -0500
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:43016)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <roel@gnu.org>)
	id 1aRSo4-0002Da-Mr
	for guix-devel@gnu.org; Thu, 04 Feb 2016 17:55:20 -0500
Received: from 541e9304.cm-5-7c.dynamic.ziggo.nl ([84.30.147.4]:38722
	helo=roel-tp)
	by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.82) (envelope-from <roel@gnu.org>) id 1aRSo3-0003yI-UE
	for guix-devel@gnu.org; Thu, 04 Feb 2016 17:55:20 -0500
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: guix-devel@gnu.org

Dear list,

I would like to propose adding HTTPS support for hydra.gnu.org.  The
direct need to have this set up, is to allow the build status icons to
load on the packages page of the Guix website.

Fortunately, this should be possible without causing a lot of trouble
because Hydra uses nginx as web server.  Here's the nginx manual on
adding support for SSL/TLS:

  http://nginx.org/en/docs/http/configuring_https_servers.html

I'm not sure what the policy for SSL/TLS certificates is, but
personally, I think a LetsEncrypt certificate would be fine:

  https://www.letsencrypt.org

A short guide to get it up and running is here:

  https://adambard.com/blog/using-letsencrypt-with-nginx/

What do you think about adding SSL/TLS to Hydra?  And is anyone with
access to hydra.gnu.org willing to take the time to configure nginx and
get a certificate?

Kind regards,
Roel