Try s3 + cloudflare. You will have to pay for ssl but barring that s3 + cloudflare will let you host a naked domain for almost free. Suppose you want some cheap static publishing, set up a dev heroku instance (free) and have it publish to your s3 bucket.
So, http://www.cloudflare.com/plans shows that to get your custom SSL, you need a "Business" plan at $200/month... so about 20x more expensive than GAE in this case.
I think, yes, that the "CloudFlare-issued" means you have to use a CloudFlare subdomain... But again I did not test. Even if it works, it's still twice as expensive as GAE, doesn't seem to cache the HTML files (as per above comment)...
It is a cloudflare subdomain but it doesn't show that way in the URL, I dont know how that works though. Can anybody explain why this works? I dont have a naked domain with ssl with them but you can check this one out to see what it looks like https://www.luckybolt.com (also thats my brothers startup, if you are in SF, check it out). As you point out though, GAE is $10 / Mo. cheaper. I'll check that out for new projects.
They basically generate the SSL certificate for your domain for you. Their SSL CA partner (GlobalSign IIRC) is basically trusting them with it since they manage their certificate and the domain owner is trusting Cloudflare (this can also be checked in Whois). So you just activate SSL in the options and bam, your site works with SSL within a couple of minutes.
BTW: they use certificates with multiple SANs, so many different domains in the same certificate (and without SNI). This allows to terminate SSL on a single box for many different domains/customers. If you look at certificates details, you will see many unrelated domains in the SAN list.
From my understanding, CloudFlare issued means they use their partner CA to generate you a certificate, while custom means you can source your own certificate and provide it to them.
They've already done as much checking for domain ownership as StartCom do, so they're free to issue you a certificate safely, especially as it will never leave their infrastructure.
You read that page wrong. It's only the Pro plan that you need for custom SSL, which is $20/month. I use it with 5 different HTTPS-enabled domains on CloudFlare.
CloudFlare provides an SSL certificate if you subscribe to their Pro plan, and it does work on your own domain (www and root). That way, you don't have to use StartSSL.
$20 a month for basic ssl. I have 2 criticisims of cloudflare and im a paying customer, which arent even close to making me look for alternatives. 1. They have had a few outages (but everybody does, amazon included). 2. Ive made their page rules engine do what i need but i felt their docs were not deep / technical enough about how their engine works. I had to play a bit to get exactly what i wanted. I have largely been happy though. Im not affiliated with them in any other way.
Also, though cloudflare allows it specifically for this purpose, cnaming a naked domain isnt technically in spec for dns. Every device / browser ive tried deals with it just fine though. If you are a stickler for rules go with a www. subdomain.
One limitation to this setup is that CloudFlare only caches CSS, JS, and images. It won't cache HTML or other dynamic content by default.
However, it IS possible to "trick" CloudFlare into caching this content, by abusing the way it looks at the file extension and headers returned from your servers. If you can find a way to serve all your markup as JSON / JSONP with a ".js" extension and proper caching headers, it will treat it the exact same as a static JavaScript file.
You can do this easily enough with a build/deploy script that sets the right headers in S3 metadata so that CloudFlare receives them with caching headers (Cache-Control, ETag, Expires, etc.)
Note that these free certificates are considered non-commercial-use only.
"The "StartCom Certificate Policy & Practice Statements" document §3.1.2.1 is explicit that the Class 1 (free) certificates are for non-commercial uses only.[3] The previous version of the CPS did not include this restriction.[4]"
You can, however, pay $60 for a personal validation (and potentially an extra $60 for company validation) to use the certs commercially. Actually, this validation lets you generate any number of SSL certificates for sites you own, for two years. This also includes wildcard certs, which you pay through the nose for from everyone else.
These guys are so much cheaper than the rest of the SSL vendors it's not funny. I've got my wildcard StartSSL certificate up on codano.com, and I've generated a few more for internal use. The validation literally took about two hours from start to finish, and most of that was just waiting for an email response/validation phone call and me scanning my passport and business documentation.
Yep. And you can put multiple DNS entries on a single cert - check out my certificate on codano.com: it has "codano.com, "* .codano.com, "angrywizard.com" and "* .angrywizard.com", all on the same cert. The cert was free after paying $120 for personal/corporate verification.
Note that they will confirm that you are the owner of domains you try to request certs for.
While certificates are free for certain uses, there are limitations imposed unless an upgrade is purchased:
- One-year validity.
- One domain name per certificate.
- One certificate per domain name.
- No commercial use
The last is probably a deal breaker for many sites.
We have a bunch of sites that are almost entirely static, but have a php "contact us" email form. Right now they are some bloated PHP CMS thing, and I would really like to switch them over to being static. Does anyone know of a cheap service that provides a form to send email we could have our contact form POST to?
I have helped a friend who does small, static marketing sites. In addition to needing a server for only thing (forwarding contact forms), I've noticed that mail from the low-end shared hosting her clients generally choose is extremely unreliable. So I've wondered if there was a need a service exactly like this. However it seemed so basic I thought... nah.
It is for me. I do mostly static sites for small business, and use embedded forms from jotform.com but would really prefer to be able simply to post the info to an external server which handles sending the email.
So, this is not a service that sends email... but I sometimes use a Google Doc survey in that circumstance. There might be a way to get google doc to email you with the response every time someone submits one?
SNI is a curious choice for a 'Universal' widget, especially when GAE offers dedicated(?) IP addresses. Carriers are still selling Android 2.x phones which will give a certificate error with the widget, and IE on XP isn't exactly a small target. Although i guess it depends on your market.
EDIT: Wow, GAE charges $39/mo[1] for an IP? I know IPv4 is scarce, but i charge my customers $10/mo for SSL, and even that is a big markup on the $1/mo Linode charge me. I would honestly suggest going the VPS route to improve browser compatibility.
You'd want to store them in the blobstore (5GB free storage) [0]. Note that you are not allowed to create multiple GAE apps to stack free quotas (n apps = n * 5GB free blobstore storage) [1].
[1] "4.3 Restrictions. Customer will not, and will not allow third parties under its control to: " ... "(e) create multiple Applications or Accounts to simulate or act as a single Application or Account (respectively) or otherwise access the Service in a manner intended to avoid incurring Fees;"https://developers.google.com/appengine/termsscroll down to 4.3(e)
44 comments
[ 1.3 ms ] story [ 87.2 ms ] thread[update]: i am guessing from the language on the "SSL encryption type" bullet:
"CloudFlare-issued" vs "CloudFlare-issued or custom"
or custom must be what's required to host your own domain ssl cert?
BTW: they use certificates with multiple SANs, so many different domains in the same certificate (and without SNI). This allows to terminate SSL on a single box for many different domains/customers. If you look at certificates details, you will see many unrelated domains in the SAN list.
They've already done as much checking for domain ownership as StartCom do, so they're free to issue you a certificate safely, especially as it will never leave their infrastructure.
Also, though cloudflare allows it specifically for this purpose, cnaming a naked domain isnt technically in spec for dns. Every device / browser ive tried deals with it just fine though. If you are a stickler for rules go with a www. subdomain.
However, it IS possible to "trick" CloudFlare into caching this content, by abusing the way it looks at the file extension and headers returned from your servers. If you can find a way to serve all your markup as JSON / JSONP with a ".js" extension and proper caching headers, it will treat it the exact same as a static JavaScript file.
You can do this easily enough with a build/deploy script that sets the right headers in S3 metadata so that CloudFlare receives them with caching headers (Cache-Control, ETag, Expires, etc.)
See this post for browser support: https://forum.startcom.org/viewtopic.php?f=15&t=1802
According to that page, Windows XP+, Mac OS 10.5+, iOS 2+, and Android 2.2+ are supported.
I'll have to try them.
"The "StartCom Certificate Policy & Practice Statements" document §3.1.2.1 is explicit that the Class 1 (free) certificates are for non-commercial uses only.[3] The previous version of the CPS did not include this restriction.[4]"
You can, however, pay $60 for a personal validation (and potentially an extra $60 for company validation) to use the certs commercially. Actually, this validation lets you generate any number of SSL certificates for sites you own, for two years. This also includes wildcard certs, which you pay through the nose for from everyone else.
These guys are so much cheaper than the rest of the SSL vendors it's not funny. I've got my wildcard StartSSL certificate up on codano.com, and I've generated a few more for internal use. The validation literally took about two hours from start to finish, and most of that was just waiting for an email response/validation phone call and me scanning my passport and business documentation.
Can't recommend them enough.
Good info. Thanks!
Note that they will confirm that you are the owner of domains you try to request certs for.
While certificates are free for certain uses, there are limitations imposed unless an upgrade is purchased: - One-year validity. - One domain name per certificate. - One certificate per domain name. - No commercial use
The last is probably a deal breaker for many sites.
Yes but you can renew for free.
Wouldn't do it for heavy access though.
http://www.w3schools.com/html/tryit.asp?filename=tryhtml_for...
Is this a real pain point for enough people?
Register online-mail-form.com, and ask for £5 a year?
AppEngine would do this for free.
EDIT: Wow, GAE charges $39/mo[1] for an IP? I know IPv4 is scarce, but i charge my customers $10/mo for SSL, and even that is a big markup on the $1/mo Linode charge me. I would honestly suggest going the VPS route to improve browser compatibility.
1. https://cloud.google.com/pricing/
According to GAE's quotas page [1], free hosting of code and static files is only for the first 1GB. After that it is $0.13 per GB per month.
[1] https://developers.google.com/appengine/docs/quotas#Code
[0] https://developers.google.com/appengine/docs/quotas#Blobstor...
[1] "4.3 Restrictions. Customer will not, and will not allow third parties under its control to: " ... "(e) create multiple Applications or Accounts to simulate or act as a single Application or Account (respectively) or otherwise access the Service in a manner intended to avoid incurring Fees;" https://developers.google.com/appengine/terms scroll down to 4.3(e)