send a tag suggestion

which tags should be associated with each other?


why should these tags be associated?

Use the form below to provide more context.

#https


So I'm banging my head against the keyboard trying to work through this tutorial on using cert-manager with Let's Encrypt CA on Google Kubernetes Engine. I am not a good tutorial reader. I will immediately try to rework the example for my own scenario rather than complete it as intended.

I had successfully deployed Plausible Community Edition just fine on my local cluster months ago. But for some reason things were buggy now on GKE.

The first culprit was HSTS. Both Chrome and Firefox were forcing me into HTTPS1. It turns out that I couldn't use Chrome at all because all .dev domains are forced into HSTS in Chrome. It also took me longer than I wanted to realize that I had to close out Firefox completely after resetting HSTS. 😒

And after all that, I run into a breaking bug in one of Plausible's dependencies! Thankfully, it seems that a fix that was merged literally as I sat down to write this post.


  1. I wanted to access the application without HTTPS before adding that part, as per the tutorial.



I had a discussion on here a few weeks ago where people were saying that requiring HTTPs everywhere is not only unnecessary, but actively hurtful because it makes old sites (that "haven't needed updates in years") inaccessible.

This is why that argument, while true, will never be enough to convince me:

when Eltantawy visited certain websites not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website

When you visit a website over plain HTTP, you can be silently served malicious payloads by network interceptors. When you visit a website over HTTPS but allow yourself to be downgraded to plain HTTP, the same is true. When a website allows its visitors to be downgraded to plain HTTP, the same is true. Make all of your websites HTTPS-only. Make all of your browsers requires HTTPS-always. It's critical for the privacy and security of both high-profile targets and normal people everywhere.