Re: "Not Secure" in the Google Chrome browser

2018-09-30 Thread Deepak Dixit 
We have .htaccess file, we can write redirect rule in this file.

Thanks & Regards
--
Deepak Dixit


On Sun, Sep 30, 2018 at 3:51 PM, Ashish Vijaywargiya <
ashish.vijaywarg...@hotwaxsystems.com> wrote:

> Few important articles from Google's official security blog site:
>
> https://security.googleblog.com/2014/08/https-as-ranking-signal_6.html
> https://security.googleblog.com/2015/12/indexing-https-
> pages-by-default.html
> https://security.googleblog.com/2017/04/next-steps-toward-
> more-connection.html
> https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html
>
> Kind Regards
> Ashish Vijaywargiya
> HotWax Systems - est. 1997 
>
>
>
> On Sun, Sep 30, 2018 at 3:31 PM Ashish Vijaywargiya <
> ashish.vijaywarg...@hotwaxsystems.com> wrote:
>
> > Thanks, Jacques, Please feel free to get it done and let me know if some
> > help is required from my side. Thanks!
> >
> > --
> > Kind Regards
> > Ashish Vijaywargiya
> > HotWax Systems - est. 1997 
> >
> >
> >
> > On Sun, Sep 30, 2018 at 1:38 PM Jacques Le Roux <
> > jacques.le.r...@les7arts.com> wrote:
> >
> >> We can handle it ourselves. It's puppetised. The file is
> >> infrastructure-puppet\data\roles\tlpserver.yaml at
> >> https://github.com/apache/infrastructure-puppet.git in
> origin/deployment
> >> branch
> >>
> >> OFBiz block is
> >>
> >> ofbiz:
> >>  vhost_name: '*'
> >>  port: 80
> >>  servername: 'www.ofbiz.org'
> >>  docroot: '/www/ofbiz.apache.org'
> >>  manage_docroot: false
> >>  serveraliases:
> >>- 'ofbiz.org'
> >>  serveradmin: 'us...@infra.apache.org'
> >>  access_log_file: '/x1/logs/weblog.log'
> >>  error_log_file: '/x1/logs/errorlog.log'
> >>  custom_fragment: |
> >>Redirect permanent / http://ofbiz.apache.org/
> >>UseCanonicalName On
> >>RewriteEngine On
> >>RewriteOptions inherit
> >>
> >># bigfiles.ofbiz.org
> >>RewriteCond ${lowercase:%%{}{HTTP_HOST}}
> >> ^bigfiles(?:\.\w+)?\.ofbiz\.org$
> >>RewriteRule (.*) http://ofbiz-bigfiles.apache.org/ [L]
> >>
> >> So we should add a ssl block and redirect http block to https as
> >> explained at https://wiki.apache.org/httpd/RedirectSSL
> >>
> >> We can do a PR for that. Then it's better with an INFRA Jira because
> it's
> >> then seen and prioritised by the Infra team
> >>
> >> Jacques
> >>
> >>
> >> Le 30/09/2018 à 08:03, Taher Alkhateeb a écrit :
> >> > +1
> >> >
> >> > I'm not sure any effort is needed from our side? We just need to
> >> coordinate
> >> > with infra right?
> >> >
> >> > On Sun, Sep 30, 2018, 8:01 AM Ashish Vijaywargiya <
> >> > ashish.vijaywarg...@hotwaxsystems.com> wrote:
> >> >
> >> >> Hello Team,
> >> >>
> >> >> I think we should put some effort and make it work like if some user
> >> hits
> >> >> http://ofbiz.apache.org(default port http) then the user is
> >> redirected to
> >> >> https://ofbiz.apache.org(Secure port https)
> >> >>
> >> >> For now, the user sees a message "Not Secure" in the Google Chrome
> >> browser
> >> >> URL if the user comes to the official ofbiz website. This message can
> >> >> confuse the end user and he can move away if he is the new user
> >> visiting
> >> >> the project website.
> >> >>
> >> >> This issue can be easily addressed by setting up the apache
> redirects.
> >> This
> >> >> change will also help the project URLs from SEO point of view.
> >> >>
> >> >> Please share your thoughts then we can plan the things accordingly.
> >> >> Thanks!
> >> >>
> >> >> --
> >> >> Kind Regards
> >> >> Ashish Vijaywargiya
> >> >> HotWax Systems - est. 1997 
> >> >>
> >>
> >>
>

Re: "Not Secure" in the Google Chrome browser

2018-09-30 Thread Ashish Vijaywargiya 
Few important articles from Google's official security blog site:

https://security.googleblog.com/2014/08/https-as-ranking-signal_6.html
https://security.googleblog.com/2015/12/indexing-https-pages-by-default.html
https://security.googleblog.com/2017/04/next-steps-toward-more-connection.html
https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html

Kind Regards
Ashish Vijaywargiya
HotWax Systems - est. 1997 



On Sun, Sep 30, 2018 at 3:31 PM Ashish Vijaywargiya <
ashish.vijaywarg...@hotwaxsystems.com> wrote:

> Thanks, Jacques, Please feel free to get it done and let me know if some
> help is required from my side. Thanks!
>
> --
> Kind Regards
> Ashish Vijaywargiya
> HotWax Systems - est. 1997 
>
>
>
> On Sun, Sep 30, 2018 at 1:38 PM Jacques Le Roux <
> jacques.le.r...@les7arts.com> wrote:
>
>> We can handle it ourselves. It's puppetised. The file is
>> infrastructure-puppet\data\roles\tlpserver.yaml at
>> https://github.com/apache/infrastructure-puppet.git in origin/deployment
>> branch
>>
>> OFBiz block is
>>
>> ofbiz:
>>  vhost_name: '*'
>>  port: 80
>>  servername: 'www.ofbiz.org'
>>  docroot: '/www/ofbiz.apache.org'
>>  manage_docroot: false
>>  serveraliases:
>>- 'ofbiz.org'
>>  serveradmin: 'us...@infra.apache.org'
>>  access_log_file: '/x1/logs/weblog.log'
>>  error_log_file: '/x1/logs/errorlog.log'
>>  custom_fragment: |
>>Redirect permanent / http://ofbiz.apache.org/
>>UseCanonicalName On
>>RewriteEngine On
>>RewriteOptions inherit
>>
>># bigfiles.ofbiz.org
>>RewriteCond ${lowercase:%%{}{HTTP_HOST}}
>> ^bigfiles(?:\.\w+)?\.ofbiz\.org$
>>RewriteRule (.*) http://ofbiz-bigfiles.apache.org/ [L]
>>
>> So we should add a ssl block and redirect http block to https as
>> explained at https://wiki.apache.org/httpd/RedirectSSL
>>
>> We can do a PR for that. Then it's better with an INFRA Jira because it's
>> then seen and prioritised by the Infra team
>>
>> Jacques
>>
>>
>> Le 30/09/2018 à 08:03, Taher Alkhateeb a écrit :
>> > +1
>> >
>> > I'm not sure any effort is needed from our side? We just need to
>> coordinate
>> > with infra right?
>> >
>> > On Sun, Sep 30, 2018, 8:01 AM Ashish Vijaywargiya <
>> > ashish.vijaywarg...@hotwaxsystems.com> wrote:
>> >
>> >> Hello Team,
>> >>
>> >> I think we should put some effort and make it work like if some user
>> hits
>> >> http://ofbiz.apache.org(default port http) then the user is
>> redirected to
>> >> https://ofbiz.apache.org(Secure port https)
>> >>
>> >> For now, the user sees a message "Not Secure" in the Google Chrome
>> browser
>> >> URL if the user comes to the official ofbiz website. This message can
>> >> confuse the end user and he can move away if he is the new user
>> visiting
>> >> the project website.
>> >>
>> >> This issue can be easily addressed by setting up the apache redirects.
>> This
>> >> change will also help the project URLs from SEO point of view.
>> >>
>> >> Please share your thoughts then we can plan the things accordingly.
>> >> Thanks!
>> >>
>> >> --
>> >> Kind Regards
>> >> Ashish Vijaywargiya
>> >> HotWax Systems - est. 1997 
>> >>
>>
>>

Re: "Not Secure" in the Google Chrome browser

2018-09-30 Thread Ashish Vijaywargiya 
Thanks, Jacques, Please feel free to get it done and let me know if some
help is required from my side. Thanks!

--
Kind Regards
Ashish Vijaywargiya
HotWax Systems - est. 1997 



On Sun, Sep 30, 2018 at 1:38 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:

> We can handle it ourselves. It's puppetised. The file is
> infrastructure-puppet\data\roles\tlpserver.yaml at
> https://github.com/apache/infrastructure-puppet.git in origin/deployment
> branch
>
> OFBiz block is
>
> ofbiz:
>  vhost_name: '*'
>  port: 80
>  servername: 'www.ofbiz.org'
>  docroot: '/www/ofbiz.apache.org'
>  manage_docroot: false
>  serveraliases:
>- 'ofbiz.org'
>  serveradmin: 'us...@infra.apache.org'
>  access_log_file: '/x1/logs/weblog.log'
>  error_log_file: '/x1/logs/errorlog.log'
>  custom_fragment: |
>Redirect permanent / http://ofbiz.apache.org/
>UseCanonicalName On
>RewriteEngine On
>RewriteOptions inherit
>
># bigfiles.ofbiz.org
>RewriteCond ${lowercase:%%{}{HTTP_HOST}}
> ^bigfiles(?:\.\w+)?\.ofbiz\.org$
>RewriteRule (.*) http://ofbiz-bigfiles.apache.org/ [L]
>
> So we should add a ssl block and redirect http block to https as explained
> at https://wiki.apache.org/httpd/RedirectSSL
>
> We can do a PR for that. Then it's better with an INFRA Jira because it's
> then seen and prioritised by the Infra team
>
> Jacques
>
>
> Le 30/09/2018 à 08:03, Taher Alkhateeb a écrit :
> > +1
> >
> > I'm not sure any effort is needed from our side? We just need to
> coordinate
> > with infra right?
> >
> > On Sun, Sep 30, 2018, 8:01 AM Ashish Vijaywargiya <
> > ashish.vijaywarg...@hotwaxsystems.com> wrote:
> >
> >> Hello Team,
> >>
> >> I think we should put some effort and make it work like if some user
> hits
> >> http://ofbiz.apache.org(default port http) then the user is redirected
> to
> >> https://ofbiz.apache.org(Secure port https)
> >>
> >> For now, the user sees a message "Not Secure" in the Google Chrome
> browser
> >> URL if the user comes to the official ofbiz website. This message can
> >> confuse the end user and he can move away if he is the new user visiting
> >> the project website.
> >>
> >> This issue can be easily addressed by setting up the apache redirects.
> This
> >> change will also help the project URLs from SEO point of view.
> >>
> >> Please share your thoughts then we can plan the things accordingly.
> >> Thanks!
> >>
> >> --
> >> Kind Regards
> >> Ashish Vijaywargiya
> >> HotWax Systems - est. 1997 
> >>
>
>

Re: "Not Secure" in the Google Chrome browser

2018-09-30 Thread Jacques Le Roux 
We can handle it ourselves. It's puppetised. The file is infrastructure-puppet\data\roles\tlpserver.yaml at 
https://github.com/apache/infrastructure-puppet.git in origin/deployment branch


OFBiz block is

ofbiz:
    vhost_name: '*'
    port: 80
    servername: 'www.ofbiz.org'
    docroot: '/www/ofbiz.apache.org'
    manage_docroot: false
    serveraliases:
  - 'ofbiz.org'
    serveradmin: 'us...@infra.apache.org'
    access_log_file: '/x1/logs/weblog.log'
    error_log_file: '/x1/logs/errorlog.log'
    custom_fragment: |
  Redirect permanent / http://ofbiz.apache.org/
  UseCanonicalName On
  RewriteEngine On
  RewriteOptions inherit

  # bigfiles.ofbiz.org
  RewriteCond ${lowercase:%%{}{HTTP_HOST}} ^bigfiles(?:\.\w+)?\.ofbiz\.org$
  RewriteRule (.*) http://ofbiz-bigfiles.apache.org/ [L]

So we should add a ssl block and redirect http block to https as explained at 
https://wiki.apache.org/httpd/RedirectSSL

We can do a PR for that. Then it's better with an INFRA Jira because it's then 
seen and prioritised by the Infra team

Jacques


Le 30/09/2018 à 08:03, Taher Alkhateeb a écrit :

+1

I'm not sure any effort is needed from our side? We just need to coordinate
with infra right?

On Sun, Sep 30, 2018, 8:01 AM Ashish Vijaywargiya <
ashish.vijaywarg...@hotwaxsystems.com> wrote:


Hello Team,

I think we should put some effort and make it work like if some user hits
http://ofbiz.apache.org(default port http) then the user is redirected to
https://ofbiz.apache.org(Secure port https)

For now, the user sees a message "Not Secure" in the Google Chrome browser
URL if the user comes to the official ofbiz website. This message can
confuse the end user and he can move away if he is the new user visiting
the project website.

This issue can be easily addressed by setting up the apache redirects. This
change will also help the project URLs from SEO point of view.

Please share your thoughts then we can plan the things accordingly.
Thanks!

--
Kind Regards
Ashish Vijaywargiya
HotWax Systems - est. 1997

Re: "Not Secure" in the Google Chrome browser

2018-09-30 Thread Swapnil Mane 
+1


- Best Regard,
Swapnil

On Sun, Sep 30, 2018 at 10:31 AM Ashish Vijaywargiya <
ashish.vijaywarg...@hotwaxsystems.com> wrote:

> Hello Team,
>
> I think we should put some effort and make it work like if some user hits
> http://ofbiz.apache.org(default port http) then the user is redirected to
> https://ofbiz.apache.org(Secure port https)
>
> For now, the user sees a message "Not Secure" in the Google Chrome browser
> URL if the user comes to the official ofbiz website. This message can
> confuse the end user and he can move away if he is the new user visiting
> the project website.
>
> This issue can be easily addressed by setting up the apache redirects. This
> change will also help the project URLs from SEO point of view.
>
> Please share your thoughts then we can plan the things accordingly.
> Thanks!
>
> --
> Kind Regards
> Ashish Vijaywargiya
> HotWax Systems - est. 1997 
>

Re: "Not Secure" in the Google Chrome browser

2018-09-30 Thread Julian Smith 
Ooops - wrong email thread (silly me) Sorry all.

On Sun, Sep 30, 2018 at 4:00 PM Julian Smith 
wrote:

> Can you please leave it in the state 'enabled'
>
> I will manually trigger another backup once you have completed this.
>
> On Sun, Sep 30, 2018 at 3:01 PM Ashish Vijaywargiya <
> ashish.vijaywarg...@hotwaxsystems.com> wrote:
>
>> Hello Team,
>>
>> I think we should put some effort and make it work like if some user hits
>> http://ofbiz.apache.org(default port http) then the user is redirected to
>> https://ofbiz.apache.org(Secure port https)
>>
>> For now, the user sees a message "Not Secure" in the Google Chrome browser
>> URL if the user comes to the official ofbiz website. This message can
>> confuse the end user and he can move away if he is the new user visiting
>> the project website.
>>
>> This issue can be easily addressed by setting up the apache redirects.
>> This
>> change will also help the project URLs from SEO point of view.
>>
>> Please share your thoughts then we can plan the things accordingly.
>> Thanks!
>>
>> --
>> Kind Regards
>> Ashish Vijaywargiya
>> HotWax Systems - est. 1997 
>>
>

Re: "Not Secure" in the Google Chrome browser

2018-09-30 Thread Taher Alkhateeb 
+1

I'm not sure any effort is needed from our side? We just need to coordinate
with infra right?

On Sun, Sep 30, 2018, 8:01 AM Ashish Vijaywargiya <
ashish.vijaywarg...@hotwaxsystems.com> wrote:

> Hello Team,
>
> I think we should put some effort and make it work like if some user hits
> http://ofbiz.apache.org(default port http) then the user is redirected to
> https://ofbiz.apache.org(Secure port https)
>
> For now, the user sees a message "Not Secure" in the Google Chrome browser
> URL if the user comes to the official ofbiz website. This message can
> confuse the end user and he can move away if he is the new user visiting
> the project website.
>
> This issue can be easily addressed by setting up the apache redirects. This
> change will also help the project URLs from SEO point of view.
>
> Please share your thoughts then we can plan the things accordingly.
> Thanks!
>
> --
> Kind Regards
> Ashish Vijaywargiya
> HotWax Systems - est. 1997 
>

Re: "Not Secure" in the Google Chrome browser

2018-09-30 Thread Julian Smith 
Can you please leave it in the state 'enabled'

I will manually trigger another backup once you have completed this.

On Sun, Sep 30, 2018 at 3:01 PM Ashish Vijaywargiya <
ashish.vijaywarg...@hotwaxsystems.com> wrote:

> Hello Team,
>
> I think we should put some effort and make it work like if some user hits
> http://ofbiz.apache.org(default port http) then the user is redirected to
> https://ofbiz.apache.org(Secure port https)
>
> For now, the user sees a message "Not Secure" in the Google Chrome browser
> URL if the user comes to the official ofbiz website. This message can
> confuse the end user and he can move away if he is the new user visiting
> the project website.
>
> This issue can be easily addressed by setting up the apache redirects. This
> change will also help the project URLs from SEO point of view.
>
> Please share your thoughts then we can plan the things accordingly.
> Thanks!
>
> --
> Kind Regards
> Ashish Vijaywargiya
> HotWax Systems - est. 1997 
>