My site now uses HTTPS

06 January 2017

For a while I've been urged, quite rightly, to change my site to use HTTPS rather than plain HTTP. As various people increasingly want to interfere with people's privacy, it's increasingly important to encrypt internet traffic. HTTPS also avoids spoofing my site, not terribly important for a read-only site, but a further good practice.

So this was something I did want to do, but getting around to doing it was a bit of a saga. Part of the problem was infrastructure. Embarrassing though it is to admit, my server was set up in the early 2000s as a snowflake, and since it hardly ever needed anyone to do anything to it, things had got rather dusty. So our first order of business was to recreate it as a Phoenix Server.

There were things for me to deal with too, HTTPS means I can't have any mixed content on my site. The main source of mixed content was tracking pixels for analytics and link affiliate programs. Fortunately it was pretty easy to fix this for Google and Amazon. The awkward one was Rakuten, who handle link royalties for InformIT, which handles my books. It isn't a huge amount of money, but it was annoying to hear that they were only looking into supporting HTTPS. Kudos here to our techops team who fixed that by setting up a reverse proxy.

While doing this wasn't a big or difficult task to fix, it was hard to schedule it amongst all the other stuff on my plate. Looking back on the support thread, it's full of polite reminders from our TechOps staff while I excuse myself by blaming travel, or various other reasons.

But the good news is that today, and are fully working on HTTPS. Links using HTTP still work just fine, they just get redirected. Either way snoopers will no longer be able to see you reading all the dangerous content about refactoring or software architecture on my site.


Thanks to all the various members of our TechOps team for helping me with this, and to Cade Cairns and Daniel Sommerfield for their urging to finally get me to do it.