Tuesday, May 30, 2017

Announcing HTTPS for web apps

Last summer, we introduced automatic HTTPS for all OCF-hosted websites with virtual hosting, helping keep private data sent to these websites safe from government spies and would-be password thieves. Today, we are announcing the same feature for our web application hosting service.

This enhancement has already been rolled out for existing web apps, and it will come out-of-the-box for new ones. For more info, check out the original announcement as well as the updated FAQ below.

What do I need to do?

Most likely, nothing. Thanks to greatly increased Let's Encrypt request rate limits, we can download certificates and configure your website to use SSL almost immediately.

Will this break existing links to my website? Do I need to update posters with the new link?

No. We will issue 301 redirects to the updated URL.

Are you sending the HSTS header?

Still not yet, but it's certainly on the agenda now that we've been using HTTPS on regular virtual hosts for almost a year. We already send the HSTS header for www.ocf.berkeley.edu, including all websites for individual accounts.

What even is app hosting? How do I get it?

Web application hosting is a relatively new service we offer which allows groups to develop sophisticated websites using modern web technologies not available with regular virtual hosting. The eligibility requirements are the same as for regular virtual hosting, and you can apply be emailing hostmaster@ocf.berkeley.edu. Please read the help page for more information.

If you have any more questions, please email us.

Finally, you can log into your website at ease!