Opened 7 years ago

Closed 5 years ago

#2008 closed task (wontfix)

FOSS4G 2018 Registration Page SSL

Reported by: markiliffe Owned by: martin
Priority: major Milestone:
Component: SysAdmin Keywords: foss4g2018 ssl


We need a secure, SSL certificated place to place our registration page. We propose to use as the domain for this. Currently, we are using as the page, but would prefer to host our payment clearing page on OGGeo's servers.

Change History (11)

comment:1 by robe, 7 years ago

What server is hosted on. That at any rate should have an SSL cert too.

Then it could in theory be

comment:2 by robe, 7 years ago

Keywords: ssl added
Summary: FOSS4G 2018 Registration PageFOSS4G 2018 Registration Page SSL

in reply to:  1 comment:3 by neteler, 6 years ago

Replying to robe:

What server is hosted on.

--> resolves to

That at any rate should have an SSL cert too.


comment:4 by robe, 6 years ago

updating this with IRC logs from

20:01:27	wildintellect:	my suggestion is we get an OSUOSL VM provisioned
20:01:34	Mark____:	Hello - Mark Iliffe, FOSS4G 2018 Chair here
20:01:46	robe2:	Hi Mark___
20:01:58	cvvergara:	Hello Mark____ thanks for comming
20:02:02	wildintellect:	the plan was to have 2 servers staging and production at all times
20:02:28	Mark____:	No worries @cvvergara
20:02:42	ragnvald:	Hello - Ragnvald Larsen hosting the website
20:03:02	robe2:	Hi ragnvald
20:03:05	ragnvald:	(also program committee chair for foss4g 2018)
20:03:07	jgarnett:	Welcome :)
20:03:08	ragnvald:	hi all!
20:03:32	robe2:	Regina here
20:03:46		* strk here
20:03:54	MartinSpott:	markusN: Tach
20:03:55	cvvergara:	So, lets start with the Agenda ...
20:04:00	markusN:	Hi, Markus here
20:04:04	strk:	MartinSpott: great to see you !
20:04:08	markusN:	Tach
20:04:27	cvvergara:	I will move the topic of FOSS4G 2018 to be the first topic taken care of
20:04:35	wildintellect:
20:04:36	sigabrt:	Title: SAC Meeting 2018-01-04 - OSGeo (at
20:04:48	strk:	hi Ragnvald
20:05:11	strk:	and Mark
20:05:35	strk:	cvvergara: you chair ?
20:05:41	cvvergara:	There are some issues for the FOSS4G that have being "neglected for 3 months) so it seems
20:05:57	cvvergara:	So, first I would like to hear what are the current needs
20:06:23		* cvvergara I was last week, so lets keep this going
20:06:24	robe2:	I think the SSL is a big one.
20:06:42	robe2: needs https
20:06:57	strk:	is it on OSGeo infrastructure ?
20:07:02	wildintellect:	no
20:07:04	robe2:	and if it's an amazon server, should be easy to install letsencrypt on it
20:07:09	wildintellect:	+1
20:07:10	ragnvald:	It is run on an amazon EC2 website
20:07:17	strk:	seems not:
20:07:33	strk:	ragnvald: who'se managing that server ?
20:08:42	robe2:	ragnvald ?
20:08:49	ragnvald:	yes on the ball
20:08:58	ragnvald:	EC2 amazon website (
20:09:37	robe2:	ragnvald so do you manage it or someone else?
20:09:40	Mark____:	we'd be more than happy to host on OSGeo infrastructure, if we can gain full access to
20:09:45	Mark____:	*to it
20:09:55	Mark____:	Currently we, as in Ragnvald and Tim manage that website
20:10:28	robe2:	Mark___ is it mostly static content at the moment or you have some dynamic stuff on it
20:10:40	ragnvald:	My workplace is handling it. So we do it in kind. But I have no objections to move it to the osgeo infrastructure.
20:10:40	Mark____:	Our payments through also need a certificate
20:10:41	sigabrt:	Title: Foss4g2018 - Dar es salaam - Ticket Payment (at
20:11:20	robe2:	Mark___ is there a reason why the payment site is separate from main site aside from the ssl one?
20:11:56	Mark____:	Yes, there is I'm sure.
20:12:08	wildintellect:	who runs the payment site?
20:12:19	Mark____:	Our confernece organisers, we run the bank account
20:12:26	Mark____:	*conference
20:12:47	ragnvald:	The code for the main website is on github - Tim is handling that part. He is basically pushing a static website to the server with every update we have. Nothing fancy going on on the web server.
20:13:15	Mark____:	The code for the payments is also very simple HTML - we'd be happy to host in a single point
20:14:04	wildintellect:	is it using a 3rd party payment service?
20:14:19	Mark____:	yes - Pesapal
20:14:46	Mark____:	We have to use that one as it's one of the few services that will clear USD in Africa
20:14:49		* cvvergara can you give the link to github code of website?
20:15:24	wildintellect:	I'm wondering the same question, why aren't the 2 sites on the same server?
20:17:23	robe2:	Mark___ ragnvald so where is the github site?
20:17:24	Mark____:	Because we wanted to get the service up and running
20:17:49	Mark____:	Our website took time to get up and running and we wanted to launch tickets at FOSS4G in Boston
20:18:12	wildintellect:	would it be possible to merge them?
20:18:29	robe2:	Okay so we could merge them and have the payment site be something like https:/
20:18:35	wildintellect:	+1
20:18:36	ragnvald:
20:18:37	sigabrt:	Title: GitHub - timlinux/foss4g2018: Static website for FOSS4G 2018 - this will be replaced later with a dynamic one (at
20:18:55	Mark____:	That's fine - just wish to ensure we have continuity within our payment systems
20:19:05	wildintellect:	in either case the answer for how to get SSL is LetEncrypt
20:19:26	robe2:	yes letencrypt
20:19:29	strk:	can you set that up on the existing server or do we need all website moved ?
20:19:40	wildintellect:	and SAC involvement is not required to do that, unless you need our help - which requires giving us access to servers
20:19:44	Mark____:	I'd like for us to move away from infrastructure maintained by the LOC
20:19:49	strk:	need/want -- I'm not sure what's our policy reguarding website (do we have an ftp server anywhere?)
20:20:01	Mark____:	This will help the website be ran post conference
20:20:07	robe2:	strk but if you set up automatic push via git
20:20:18	strk:	ok so you do want OSGeo hosting ?
20:20:19	robe2:	like we do for that would be sufficient no?
20:20:19	ragnvald:	... or is it this one:
20:20:20	sigabrt:	Title: GitHub - foss4g2018/foss4g2018: Website for FOSS4G 2018 (at
20:20:22	Mark____:	following this, we'll stop paying for certain things, ie. amazon hosting and mailchimp etc
20:20:26	strk:	wildintellect: would adhoc be the best place for it ?
20:20:32	robe2:	and it wouldn't require manual uploading anywhere
20:20:33	wildintellect:	no
20:20:37	wildintellect:	webextra
20:20:42	strk:	webextra
20:20:43	wildintellect:	where all the foss4g sites live
20:20:58	strk:	robe2: we could setup a cron job pulling from github
20:21:05	robe2:	yes
20:21:06	strk:	on webextra
20:21:13	robe2:	or we could even move it to gitea :)
20:21:25	strk:	sure
20:21:28	strk:	even better
20:21:42	ragnvald:	Will have to confirm with Tim on which of the code repos are the real source.
20:22:40	robe2:	ragnvald is the payment html hosted on some godaddy server or is it under source control somewhere as well?
20:23:03		* strk cannot find DNS for "webextra"... did not work, nor
20:23:16	robe2:	strk speaking of foss4g did you ever here back from guido?
20:23:17	wildintellect:
20:23:22	strk:	robe2: nope
20:23:29	strk:	oh, other way around
20:23:39	wildintellect: also works
20:23:51	robe2:	I can bug him -- he's just down the block from me. I can threaten to come over though I'm too lazy to walk a block in all honesty
20:24:59	wildintellect:	ok so we have a conclusion - 2018.fossg has requested to move to OSGeo hosting, and we'll put SSL in front of it
20:25:01	strk:	the apache config there is weird
20:25:28	wildintellect:	we'll work it out post meeting
20:25:37	ragnvald:	robe2: I am ignorant to the contents of the code.
20:25:38	Mark____:	Awesome. The LOC of 2018 endorses this decision

We should be moving on this.

comment:5 by robe, 6 years ago

Owner: changed from sac@… to martin


Reassigning to you to do under your current contract. I think you'll first want to contact Tim Sutton (who is PSC Chair of QGIS) since I think the main site he is currently hosting as a favor.

comment:6 by Jeff McKenna, 6 years ago

Tim's email is: tim at kartoza dot com

comment:7 by TemptorSent, 6 years ago

It appears that the actual payment processing page is loaded within an iframe on the foss4g site, which could allow an attacker to expose credit card information using javascript. Please audit this and preferably redirect to the external payment processor directly.

comment:8 by timlinux, 6 years ago

@TemptorSent has an outbound link to for the registration page.

Just in order to get the right point of contact, let me clarify the current hosting contacts:

  • Tim Sutton (tim@…) - managing the main event web site which is hosted under GitHub pages. We have no direct control over the server on which the site runs.
  • Brian Paul (brian@…) - managing the registration and ecommerce site via Studio 19 - our logistics partner in Dar Es Salaam. The registration site is deployed on their own server.

Hope that clarifies things a bit.



comment:9 by timlinux, 6 years ago

brian [at]

comment:10 by TemptorSent, 6 years ago

Thank you for clarifying that Tim, I had gotten the impression that the actual registration site itself was being proposed to be moved onto OSGeo's infrastructure, which clearly would not be appropriate.

comment:11 by robe, 5 years ago

Resolution: wontfix
Status: newclosed

2018 is over so this is moot

Note: See TracTickets for help on using tickets.