The page is still not “safe” because some static resources are still served via HTTP.
@Armael It’s not automically redirected. I can still acess http version of the site but can’t post anything
Partial encryption is better than no encryption especially if the only http requests are the logos, isn’t it?
I’ve switched all the logos to https://, and adjusted the oAuth redirects to use https:// too. I’m not sure if the http:// domain is fully redirected yet though, or if it uses HSTS. There may be signin problems from http:// now…
There are no HSTS headers on the responses. May you can raise an issue with Discourse support.
I think we can CC @discourse directly here. Is it possible to disable
http:// access entirely and force
https:// on hosted instances?
Josh, I’m still investigating how to create a new topic via email. I believe it’s a beta feature, but activating it does nothing at the moment. I’ll investigate…
HSTS is now active on the site, so all access should now be https:// only from now on. Thanks @discourse support for the quick response!
thanks for setting this up @avsm. I’m curious why you chose to pay discourse and have it hosted on their servers instead of installing it on some machine (in computer labs in Cambridge or any other hoster where you already have computers)? According to https://github.com/discourse/discourse/blob/master/docs/INSTALL-cloud.md it should be straightforward, and would allow to a) not pay $100 monthly b) have control over our data.
Hi @hannes, I did it this way since:
- hosting incoming e-mail is non-trivial, and the hosted service provides excellent spam filtering. Cambridge blocks port 25 and is generally a bit of a pain to route around
- this is an experiment initially, and setting it up with the hosted service took minutes rather than hours of machine setup.
- for a complex service such as Discourse, it’s best to get familiar with it before hosting it ourselves. While initial installation is easy, maintenance and uptime is no fun.
- they have kindly given us a massive 85% discount on their usual price, and I am keen to support their open source efforts by paying them.
- there is no signifiant loss of our data control as we can export it any move to a hosted one any time. There is also very little private data on this service except for passwords to this service itself. The oAuth privs required are minimal.
Hope that clarifies the reasons for hosting vs deploying a VM for this.
In response to a query I have now activated OCaml, Haskell and Coq syntax highlighting for Markdown code blocks.
The person who hosts Elixir’s and Ruby’s might be up for hosting ocaml’s as well if you want. I could contact him? He does have user badges on his installs. It is also entirely mailing-list enabled as that is a common vector that many people use it. Would also save a lot of money. ^.^
The entire Discourse API is via JSON, you can add
.json to the end of any url to get the json information of that page, and you submit in a similar fashion as well. It is dead simple.
I appreciate the offer, but I believe that the existing setup is fine. It has scaled out fine for Rust, and the fees are quite manageable.
I’m overall happy with it, except its need to seemingly randomly repeat other messages in some of the messages at the end which is confusing.
You can uncheck " Include an excerpt of replied to post in emails" in Email preferences to disable that.
Ah that’s what it means (I had “Include previous replies at the bottom of emails” set to “never” so I was confused). Thanks !
Heya, can you clarify what “paid” refers to here? I’m not very familiar with the Discourse business model. Does that mean that the site administrators will be paying Discourse for some kind of premium features/ordinary hosting in non-beta mode/etc.? I hope it’s safe to assume that the site remains free to participants.
This just means that we pay for the hosted service, courtesy of Discourse staff. This instance will always remain free for users, and we have regular backups that mean we can move it to a self-hosted version in the future without any loss of data.
Do we have an idea of the price of that service? If necessary, it would be great to have some way to contribute. I find the Discoure far more pleasant and engaging than a mailing list, and I would gladly help.
It’s at the academic rate on the discourse website (an 85% discount) and currently sponsored by Jane Street and OCaml Labs. Right now, your time is the most valuable way to contribute rather than financially – helping to ensure that this forum continues to remain a positive, welcoming and constructive place would be most appreciated. I’m very happy with the first month of activity, but it will take all of us to continue to contribute our attention to ensure it remains this way
If @gasche or I can do anything in terms of promoting people to moderators or otherwise configuring it to ensure that “power users” are unblocked, please do let me know.