Make the website HTTPS only

[ExE-Boss]

Right now, PR #11 has made the website only contain HTTPS requests, but the website can still be accessed through HTTP.

In order to change this, someone with access to the CloudFlare configuration for the novaapi.net domain will have to enable HTTPS enforcement.

Steps to resolve:

1. Login into the Cloudflare dashboard at https://dash.cloudflare.com with the account that manages https://novaapi.net
2. If not already done so, ensure that the DNS records use CNAME records pointing to nova‑team.github.io.
3. Set the SSL security level to Full (strict)
4. Enable Always use HTTPS (or at least a Page rule that redirects http://novaapi.net to https://novaapi.net) and Automatic HTTPS Rewrites

External links:

• https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-all-visitors-to-HTTPS-SSL
• https://blog.cloudflare.com/how-to-make-your-site-https-only/

[ExE-Boss]

With Chrome 68 marking all HTTP only sites as Not Secure and Firefox following soon after, this should be resolved before July.

[ExE-Boss]

With GitHub now finally being in the process of adding official support for GitHub pages with custom domains (see isaacs/github#156 (comment)), this will soon be doable on the GitHub side.

[ExE-Boss]

Support for this has now been added on the GitHub side, and to trigger this, the CNAME file has to be deleted, and then re-added, according to the GitHub Pages with Custom Domains HTTPS troubleshooting page.

Update: This is no longer necessary to enable Full (strict) in Cloudflare’s settings ever since they rolled out SSL for SaaS, which allows the certificate to have the domain contained in the CNAME record instead of the actual domain.

[ExE-Boss]

@calclavia I have now provided the necessary steps to resolve this in the main body of the issue.