#303 [FEEDBACK WANTED] Soft-launching subdomain support for codeberg.page

Open
opened 2 weeks ago by hw · 10 comments
hw commented 2 weeks ago

Hi all,

we are soft-launching subdomain support for https://codeberg.page. User repositories are mapped to https://<username>.codeberg.page/.

Please have a look and let us know how it works for you!

The traditional URLs https://pages.codeberg.org/<username> continue to work for the time being, but might get phased out at some point in time as some reports claim an increased attack surface with this approach (even if we are not aware of any real threat we’d of course love to reduce possible attack vectors as much as possible to keep the platform safe).

There is a caveat for users and organizations containing a dot in the username: SSL certificates do not support multilevel subdomains. If your username contains a dot and you’d like to use codeberg pages on subdomains, please consider replacing these characters in your username. (right now these repos are not redirected, so that https://pages.codeberg.org/<username> will work).

As you know, we also have registered the domain https://codeberg.eu, which is still linked to the testing server https://codeberg-test.org, and currently used for testing. We have not made up our minds about the future use. Please have your say. Thinkable options are:

  • run it in parallel to .page, and leave the choice to the user what URL to give out,
  • keep it as testing domain and fallback if ever needed.

Independently we might want to discuss how to handle redirects, and if one of the domains should have priority.

If there are any preferences please all raise your voice, if appropriate we will organize a poll for decision.

Hi all, we are soft-launching subdomain support for https://codeberg.page. User repositories are mapped to `https://<username>.codeberg.page/`. Please have a look and let us know how it works for you! The traditional URLs `https://pages.codeberg.org/<username>` continue to work for the time being, but might get phased out at some point in time as some reports claim an increased attack surface with this approach (even if we are not aware of any real threat we’d of course love to reduce possible attack vectors as much as possible to keep the platform safe). There is a caveat for users and organizations containing a dot in the username: SSL certificates do not support multilevel subdomains. If your username contains a dot and you'd like to use codeberg pages on subdomains, please consider replacing these characters in your username. (right now these repos are not redirected, so that `https://pages.codeberg.org/<username>` will work). As you know, we also have registered the domain https://codeberg.eu, which is still linked to the testing server https://codeberg-test.org, and currently used for testing. We have not made up our minds about the future use. Please have your say. Thinkable options are: - run it in parallel to .page, and leave the choice to the user what URL to give out, - keep it as testing domain and fallback if ever needed. Independently we might want to discuss how to handle redirects, and if one of the domains should have priority. If there are any preferences please all raise your voice, if appropriate we will organize a poll for decision.

It is a great improvement to the URL now used. I had to regen my site, as it broke the links, but the redirect works fine. I notice it is slower in loading images.

PS. Is custom domain support like GH still in consideration (or I will have to use GH)

It is a great improvement to the URL now used. I had to regen my site, as it broke the links, but the redirect works fine. I notice it is slower in loading images. PS. Is custom domain support like GH still in consideration (or I will have to use GH)

Calling myusername.codeberg.page worked flawlessly for me, certificate works fine, page and links work fine. Awesome improvement!

Calling myusername.codeberg.page worked flawlessly for me, certificate works fine, page and links work fine. Awesome improvement!
nac commented 2 weeks ago

I like it, thanks for a great job.

I like it, thanks for a great job.

Very nice work 👍 And I like the idea of keeping the two domains in parallel and letting users choose which one to use.

Very nice work :thumbsup: And I like the idea of keeping the two domains in parallel and letting users choose which one to use.
ashimokawa commented 2 weeks ago
Owner

@circlebuilder

Custom domains, under consideration, yes, but nothing decided.

There would have to be some mutual trust, I do not want to give that ability to everyone anonymous who just want to have some racist nazi domain and point that to questionable content.

Codeberg pages was meant to complement free projects and moving to far into being a webspace for everyone is something we have to consider very carefully.

@circlebuilder Custom domains, under consideration, yes, but nothing decided. There would have to be some mutual trust, I do not want to give that ability to everyone anonymous who just want to have some racist nazi domain and point that to questionable content. Codeberg pages was meant to complement free projects and moving to far into being a webspace for everyone is something we have to consider *very* carefully.

@ashimokawa entirely agree! There could be some ‘intake’ process where a suggested custom domain is either voted on by other Codeberg users, or vetted by a selected team.

@ashimokawa entirely agree! There could be some 'intake' process where a suggested custom domain is either voted on by other Codeberg users, or vetted by a selected team.

@ashimokawa @circlebuilder - Maybe I just don’t understand it right, but what would be the difference between external domains and internal USERNAME.codeberg.page subdomains in the regard of unwanted content and domain names?

The way it seems to me, in both scenarios unacceptable content is possible and unacceptable usernames are also possible. Wouldn’t it be better to focus on removing content and users that clash with our Terms of Service instead of restricting access to custom domains?

@ashimokawa @circlebuilder - Maybe I just don't understand it right, but what would be the difference between external domains and internal USERNAME.codeberg.page subdomains in the regard of unwanted content and domain names? The way it seems to me, in both scenarios unacceptable content is possible and unacceptable usernames are also possible. Wouldn't it be better to focus on removing content and users that clash with our Terms of Service instead of restricting access to custom domains?
hw commented 2 weeks ago
Owner

There is some risk of abuse of Codeberg for hosting arbitrary web projects no in any way related to FOSS -- causing traffic and load without any tangible benefit for the community.

There is some risk of abuse of Codeberg for hosting arbitrary web projects no in any way related to FOSS -- causing traffic and load without any tangible benefit for the community.

Regarding the .eu domain: I personally would love to see it active. My project’s homepage is also hosted on a .eu homepage, and if the link to the repository did also point to an .eu domain that would quite nice.

Regarding the .eu domain: I personally would love to see it active. My project's homepage is also hosted on a .eu homepage, and if the link to the repository did also point to an .eu domain that would quite nice.
garrison commented 1 week ago

I would recommend adding codeberg.page to the public suffix list. https://publicsuffix.org/

I would recommend adding codeberg.page to the public suffix list. https://publicsuffix.org/
Sign in to join this conversation.
No Milestone
No Assignees
8 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.