<h1><a href="http://blog.5apps.com/">5apps Dev Blog</a></h1>
<p>2022-02-11T03:43:00Z, 5apps Dev Team</p>
<h2><a href="/2022/02/11/new-ssh-host-keys-for-5apps-deploy.html">New SSH Host Keys for 5apps Deploy</a></h2>
<p>2022-02-11T03:43:00Z, Sebastian Kippe</p>
<p>If you previously pushed a Git repository to 5apps Deploy, you may
encounter a message like this as of today:</p>
<pre><code class="plain">@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:7z5tc5IcgqrRz6cXFf4MExk8eSo8IEng9WldnWkuBnw.
Please contact your system administrator.
Add correct host key in /Users/tony/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/tony/.ssh/known_hosts:23
ECDSA host key for 5apps.com has changed and you have requested strict checking.
Host key verification failed.
</code></pre>
<p>It is safe to delete the offending line (line 23 in the above example) from
your <code>known_hosts</code> file and accept our new host key.</p>
<p>The fingerprints for the various host key algorithms are as follows:</p>
<h3>DSA</h3>
<pre><code>SHA256:teG1e0AyLVL3u82oyywaC5PEkSbgxYcsBZ40MlvJe1c
</code></pre>
<h3>ECDSA</h3>
<pre><code>SHA256:7z5tc5IcgqrRz6cXFf4MExk8eSo8IEng9WldnWkuBnw
</code></pre>
<h3>Ed25519</h3>
<pre><code>SHA256:eGvRhs70x1Dt/6xtwYtgoKp+/ClDpyS08Rs53+ALiwE
</code></pre>
<h3>RSA</h3>
<pre><code>SHA256:Hjfxmm6c7EdpL5xETjKpSqZvHadF0BO03RvNUR2YRkc
</code></pre>
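<p>To compare the keys a server offers against the fingerprints listed above before accepting them, the check can be scripted. The following is an added example, not code from 5apps: it recomputes OpenSSH-style SHA256 fingerprints from <code>ssh-keyscan</code> or <code>known_hosts</code> lines. The function names and the sample key are constructed for illustration.</p>

```python
"""Check SSH host keys offered for 5apps.com against the published fingerprints."""
import base64
import binascii
import hashlib
import sys

# SHA256 fingerprints copied from the announcement above, by algorithm.
PUBLISHED = {
    "DSA": "SHA256:teG1e0AyLVL3u82oyywaC5PEkSbgxYcsBZ40MlvJe1c",
    "ECDSA": "SHA256:7z5tc5IcgqrRz6cXFf4MExk8eSo8IEng9WldnWkuBnw",
    "Ed25519": "SHA256:eGvRhs70x1Dt/6xtwYtgoKp+/ClDpyS08Rs53+ALiwE",
    "RSA": "SHA256:Hjfxmm6c7EdpL5xETjKpSqZvHadF0BO03RvNUR2YRkc",
}


def family(keytype):
    """Map an OpenSSH key-type string to the algorithm names used above."""
    if keytype.startswith("ecdsa-sha2-"):
        return "ECDSA"
    return {"ssh-dss": "DSA", "ssh-ed25519": "Ed25519", "ssh-rsa": "RSA"}.get(keytype)


def fingerprint(blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_key_line(line):
    """Return (hosts, keytype, blob) for a known_hosts/ssh-keyscan line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    if fields[0].startswith("@"):  # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        return None
    hosts, keytype, b64 = fields[:3]
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    # The blob begins with a length-prefixed copy of the key type; a line whose
    # declared type disagrees with its blob is malformed and is rejected.
    if len(blob) < 4:
        return None
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != keytype.encode("ascii"):
        return None
    return hosts.split(","), keytype, blob


def check_host_keys(lines, host="5apps.com", published=PUBLISHED):
    """Return [(algorithm, fingerprint, matches_published)] for keys listed for host.

    Hashed known_hosts entries (|1|...) cannot be matched by name and are skipped.
    """
    results = []
    for line in lines:
        parsed = parse_key_line(line)
        if parsed is None:
            continue
        hosts, keytype, blob = parsed
        if host not in hosts:
            continue
        fam = family(keytype)
        fp = fingerprint(blob)
        results.append((fam or keytype, fp, fam is not None and published.get(fam) == fp))
    return results


def safe_to_accept(results):
    """True only if at least one key was offered and every offered key matched."""
    return bool(results) and all(ok for _, _, ok in results)


def ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return len(data).to_bytes(4, "big") + data


# Constructed sample: an all-zero Ed25519 key, NOT a real 5apps key. It stands in
# for a key that does not match the published fingerprints.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
SAMPLE_LINE = "5apps.com ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode("ascii")

if __name__ == "__main__":
    # Usage: ssh-keyscan 5apps.com 2>/dev/null | python3 this_script.py
    # Without piped input, the constructed sample line is checked instead.
    piped = [] if sys.stdin.isatty() else sys.stdin.read().splitlines()
    results = check_host_keys(piped or [SAMPLE_LINE])
    for fam, fp, ok in results:
        print(("MATCH    " if ok else "MISMATCH ") + f"{fam:8} {fp}")
    print("OK to accept" if safe_to_accept(results) else "DO NOT accept")
```

<p>Once every offered key matches, <code>ssh-keygen -R 5apps.com</code> removes the stale entry from <code>known_hosts</code> without editing the file by hand.</p>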
<h2><a href="/2018/07/10/provider-move.html">Scheduled maintenance on Tuesday, July 17</a></h2>
<p>2018-07-10T13:00:00Z, Sebastian Kippe</p>
<p><em>Please note: originally, this announcement was for Wednesday, July 11.
However, we hit an unexpected roadblock during the initial migration and had to
move the date.</em></p>
<p>As already announced on our <a href="https://status.5apps.com">system status site</a>, we
will be moving most of 5apps’ services to a new datacenter next Tuesday
afternoon at 12:00 GMT. The planned impact will be as follows:</p>
<h3>Deploy</h3>
<p>We will be putting the 5apps.com Web UI in maintenance mode for a planned
maximum of 3 hours. There will be no downtime for hosted apps.</p>
<p>If you are using a custom domain, and it is routed to 5apps Deploy using a DNS
A record with our current IP address, you will receive an email containing the
new IP address sometime soon. However, we will be routing all traffic for the
old IP to the new datacenter for a while, so you do not have to sweat anything.
Just follow the instructions in the email at a time of your choosing.</p>
<h3>Storage</h3>
<p>The 5apps Storage Web UI will be put in maintenance mode for a maximum of 3
hours. This means you will not be able to authorize new apps, or revoke
authorizations during that time. Your storage account itself will be put into
read-only mode for a short amount of time within the maintenance window, so you
can still read data, but not write any new data to it. Most
remoteStorage-enabled apps will just keep working normally, and sync any data
you changed during the window as soon as the account is writable again. Some
apps will show an offline indicator/status.</p>
<h3>Managed Storage</h3>
<p>Storage accounts will behave exactly as outlined above. Creating and deleting
tokens will be possible under a new subdomain/URL, when 5apps.com is put into
maintenance mode. You will be contacted by our team, who will also answer any
questions you might have, and help in any way they can.</p>
<h2><a href="/2017/02/27/just-launched-instant-deployment-rollbacks.html">Just launched: Instant deployment rollbacks</a></h2>
<p>2017-02-27T12:00:00Z, Sebastian Kippe</p>
<p>We’ve all been there before: you just deployed an update of your app to
thousands of users, but then you realize something is wrong. Perhaps exception
notifications start piling up, or you even see an outright blank page due to
some nasty bug. In any case, finding the cause, fixing it, and deploying a new
version is oftentimes not a good option in emergency situations.</p>
<p>So we just launched a new feature for <em>Deploy</em>, which we had been testing and
improving with some of our own apps for a while. You can now <strong>instantly roll back
your deployments to earlier versions</strong> from your project’s deployments panel:</p>
<p><img alt="Screenshot of deployment rollbacks" src="/images/screenshot-rollbacks.png" /></p>
<p>Within seconds of pressing that button, your app or site will be delivered in
exactly the state it was after that specific deployment.</p>
<h3>How does it work?</h3>
<p>The buttons are fairly self-explanatory, but here’s what happens behind the
scenes: We’ll <strong>keep the last 5 builds of your app</strong> in our storage backend,
where assets are delivered from.</p>
<p>The build number of the active version of your app is then stored in our Redis
cache, which our load balancers also use for determining if your app has
<a href="http://localhost:4567/2013/04/09/history-api.html">History API</a> enabled for
example (i.e. direct all URLs to <code>index.html</code>).</p>
<p>When you roll your project back or forward to a different version, we just
switch the version key in that cache, and the load balancers then immediately
start delivering the assets for that specific version.</p>
<h3>Caveat</h3>
<p>If you’re using AppCache (e.g. via our automatic AppCache manifest generation),
then depending on how much time passed between the deployment and your rolling
it back, users might have cached the latest version of your app, of course.</p>
<p>In that case, they’ll either have to wait until their next visit (default with
AppCache), or you can always prompt them to reload, whenever a new version
has been downloaded and cached in the background. For the latter, we also offer
an automated deployment strategy, which you can enable by just flipping a
switch on your app’s deployment settings page.</p>
<h3>Questions?</h3>
<p>If you have any questions or feedback, just leave a comment below. You can also
ping us <a href="https://twitter.com/5apps">on Twitter</a>, drop us an
<a href="mailto:support@5apps.com">email</a>, or visit our <a href="https://5apps.tenderapp.com/">support
site</a>.</p>
<h2><a href="/2017/02/16/new-service-integration-deploy-notifications-for-mattermost.html">New service integration: Deploy notifications for Mattermost</a></h2>
<p>2017-02-16T14:45:00Z, Sebastian Kippe</p>
<p>It’s no secret that we care a lot about open source software at 5apps. So we’re
excited to announce that you can now receive notifications from 5apps Deploy in
your <a href="https://about.mattermost.com/">Mattermost</a> chatrooms:</p>
<p><img alt="Screenshot of Mattermost chatroom integration" src="/images/screenshot-mattermost-chatroom.png" /></p>
<p>You can set it up from the “Services” settings page in your app panel, where
you could already connect Slack, Sentry, Ghost Inspector and other services:</p>
<p><img alt="Screenshot of 5apps Deploy services settings" src="/images/screenshot-mattermost-services.png" /></p>
<p>We’ll be adding more services over time, and we happily accept your suggestions
for new services to integrate. If you’d like to request a new one, you can do
that straight from the settings page, using the link under the services
selection.</p>
<p>Enjoy!</p>
<h2><a href="/2016/11/29/persona-org-shutting-down-this-week.html">Persona.org is shutting down</a></h2>
<p>2016-11-29T10:46:00Z, Sebastian Kippe</p>
<p>Unfortunately, <a href="http://persona.org">persona.org</a> is finally being shut down
this Thursday. We were big fans of both the <a href="https://github.com/mozilla/id-specs/blob/prod/browserid/index.md">BrowserID
protocol</a> and
Mozilla’s Persona service. And so were our users. Around 30% of new accounts
were created using Persona, until Mozilla announced its shutdown in January
this year.</p>
<p>Personally, I still think it was a great idea, which unfortunately wasn’t met
with enough enthusiasm on the side of the big email providers. But no point in
wallowing in the past, so here’s what you can do, in case you signed up on
<a href="https://5apps.com">5apps.com</a> via Persona and haven’t enabled another login
option yet.</p>
<h3>Connect GitHub, Bitbucket, or GitLab.com</h3>
<p>In addition to our existing <a href="https://github.com">GitHub</a> login, we also just
added support for <a href="https://bitbucket.org/">Bitbucket</a> and
<a href="https://gitlab.com/">GitLab.com</a>. All of these options will also import your
SSH public keys to 5apps Deploy, in case you’re signed up for it.</p>
<p>You can enable these options <a href="https://5apps.com/account/connections">on the Connections page in your account
settings</a>, after logging in with Persona
(before Thursday) or via username/password.</p>
<h3>Enable username/password login</h3>
<p>In order to enable password login, just go to your <a href="https://5apps.com/users/edit">account
settings</a> and enter a new password. In case you
can’t log in via any other method anymore, just <a href="https://5apps.com/users/password/new">request a password
reset</a>, and we’ll send you an email with
a reset link right away.</p>
<h3>Questions?</h3>
<p>If you have any questions or feedback, just leave a comment below. You can also
ping us <a href="https://twitter.com/5apps">on Twitter</a>, drop us an
<a href="mailto:support@5apps.com">email</a>, or visit our <a href="https://5apps.tenderapp.com/">support
site</a>.</p>
<h2><a href="/2016/06/06/just-launched-free-and-instant-https-for-custom-domains.html">Just launched: Free and instant HTTPS for custom domains</a></h2>
<p>2016-06-06T16:00:00Z, Sebastian Kippe</p>
<p>Good news, everyone! As of this week, we’re offering free, automatic, instant
HTTPS for your custom domains on <a href="https://5apps.com/deploy/">5apps Deploy</a>!</p>
<p>There’s no need for any manual steps in the whole process. As soon as you add a
custom domain and point it to our servers, your app will automatically receive
a certificate upon the first time it is visited via that domain.</p>
<p>Certificates are issued by <a href="https://letsencrypt.org/">Let’s Encrypt</a>, a free,
automated, and open Certificate Authority (CA). They are renewed automatically
every few weeks by our configuration management systems.</p>
<p>In short: lean back and rest assured that your apps are delivered securely by
an always-up-to-date infrastructure without you having to lift a finger, ever!
Read on for some more details on the benefits of HTTPS (specifically for
client-side web apps), and how to upgrade your existing apps on <em>Deploy</em>.</p>
<h3>Let’s encrypt the whole Web</h3>
<p>The reasons for going HTTPS all the way by default are many:</p>
<h4>Security</h4>
<p>The most obvious benefit is security and safety for your users. With a plain
HTTP connection, it’s not possible for their browser or device to validate that
your app’s JavaScript and other resources were actually delivered from the
correct server. That leaves a wide-open space for man-in-the-middle attacks and
stealing your users’ data.<sup><a href="#fn-1">1</a></sup></p>
<h4>Privacy & Censorship</h4>
<p>Another problem with bad actors in the middle being able to read user
connections in plain text is that it’s easy to log hostnames and URLs being
requested. That makes it possible for ISPs (and in turn authoritarian
governments) to both store detailed profiles of users’ browsing activity, as
well as block specific content by its domain name or URL (without having to
block everything hosted under the same IP address).</p>
<h4>Performance</h4>
<p><em>Deploy</em> supports <a href="https://en.wikipedia.org/wiki/HTTP/2">HTTP/2</a> for modern
clients (and <a href="https://en.wikipedia.org/wiki/SPDY">SPDY</a> for older ones).
However, browsers only enable HTTP/2 when TLS/HTTPS is used. That means in
order to enjoy the significant performance benefits of multiplexing requests,
your site needs to be delivered via HTTPS.<sup><a href="#fn-2">2</a></sup></p>
<h4>Access to Web Platform APIs</h4>
<p>With most of the Web community being in consensus about wanting to encrypt the
whole Web using HTTPS for the above-mentioned reasons<sup><a href="#fn-3">3</a></sup>,
browser vendors recently began restricting access to certain Web APIs for
sites on insecure origins in their browsers (e.g.
<a href="https://developers.google.com/web/updates/2016/04/geolocation-on-secure-contexts-only">Geolocation</a>
and <a href="https://www.chromestatus.com/feature/5703419427815424">getUserMedia</a> in
Chrome). Likewise, new APIs will require HTTPS from the start, if they are
sensitive to users’ security or privacy. The best way to ensure the
uninterrupted functionality of apps using these features is to upgrade them to
HTTPS as soon as possible.</p>
<h3>Upgrading your existing apps to HTTPS</h3>
<ul>
<li><p>Existing apps on <em>Deploy</em> without a custom domain (using
<code>yoursubdomain.5apps.com</code>) have been HTTPS by default <a href="/2013/02/18/new-subdomains-and-ssl-for-everybody.html">for over 3
years</a>
now. If you previously considered using a custom domain, but didn’t want to pay
extra for a certificate, now you can set it up for free.</p></li>
<li><p>Apps with a custom domain, for which you subscribed to our <a href="/2014/08/04/introducing-ssl-for-custom-domains.html">previous HTTPS
add-on service</a>,
have been switched to the new, free certificates. The paid add-on will
automatically expire and you will not be charged for renewal.</p></li>
<li><p>If you were running an app with a custom domain but no SSL certificate on
<em>Deploy</em>, we have set up all of your apps for HTTPS already. However, in case
you are relying on Web Storage, calls to HTTP APIs, or unencrypted WebSocket
endpoints, we disabled automatic redirects to the HTTPS version of your app.
Please check your email, as we have notified you in case your app is among
those.</p></li>
</ul>
<h3>Questions? Feedback?</h3>
<p>As always, we’d love to hear your feedback and answer any questions you might
have! Use the comments below, shoot us <a href="https://twitter.com/5apps">a tweet</a>,
drop us an <a href="mailto:support@5apps.com">email</a>, or visit our <a href="http://help.5apps.com">support
site</a>.</p>
<h3>Part 2: AppCache, Web Storage, and upgrading to HTTPS origins</h3>
<p>We’ll soon publish a follow-up post about how we dealt with updating your
cached offline apps using AppCache from HTTP to HTTPS. It will also include
information on how to deal with migrating Web Storage data between HTTP and
HTTPS origins. <a href="/feed.xml">Subscribe to this blog</a> or <a href="https://twitter.com/5apps">follow us on
Twitter</a> if you’re interested.</p>
<h3>Footnotes</h3>
<ol>
<li><span id="fn-1">While it is possible to attack HTTPS connections as well, it
requires a lot of effort and usually specific targeting of single users,
whereas attacks on HTTP can be done on a large scale in addition to being easy
to attempt for anyone.</span></li>
<li><span id="fn-2">We saw up to 35% load time decrease over HTTP 1.1 for apps
delivered over SPDY and HTTP/2. Especially mobile clients with high-latency
connections benefit considerably, when they can use a single TCP connection
to load all resources.</span></li>
<li><span id="fn-3">Also see the <a href="https://w3c.github.io/webappsec-secure-contexts/">W3C Secure Contexts spec
draft</a></span></li>
</ol>
<h2><a href="/2016/03/24/introducing-service-integrations.html">Introducing service integrations</a></h2>
<p>2016-03-24T16:00:00Z, Sebastian Kippe</p>
<p>Good news, everyone! We just launched a new feature that lets you integrate
<a href="https://5apps.com/deploy">Deploy</a> with other services on the Internet. You can
find it in the settings menu of your app panels:</p>
<p><img alt="Screenshot" src="/images/screenshot-service-integrations.png" /></p>
<p>We’re starting out with a few popular services, most of which we’re using for
our own apps. Those are:</p>
<ul>
<li><a href="https://slack.com">Slack</a> and <a href="https://grove.io">Grove.io</a> for group chat</li>
<li><a href="https://getsentry.com">Sentry</a> for exception/release tracking</li>
<li><a href="https://ghostinspector.com/">Ghost Inspector</a> for automated UI testing</li>
<li>A generic webhook for your own custom workflows and integrations</li>
</ul>
<p>However, these are just a start. Use the link beneath the services list to
tell us which services you’d like to see next! We’re already looking
forward to your requests.</p>
<h3>Questions? Feedback?</h3>
<p>As always, we’d love to hear your feedback and answer any questions you might
have! Use the comments below, shoot us <a href="https://twitter.com/5apps">a tweet</a>,
drop us an <a href="mailto:support@5apps.com">email</a>, or visit our <a href="http://help.5apps.com">support
site</a>.</p>
<h2>A new system status site</h2>
<p>/2015/07/31/a-new-system-status-site.html, 2015-07-31T07:40:00Z, Sebastian Kippe</p>
<p>About two years ago we <a href="https://blog.5apps.com/2013/08/23/introducing-our-status-dashboard.html">first
launched</a>
our system status dashboard, keeping you up-to-date with the live status of all
our infrastructure components.</p>
<p>As an uptime company – hosting both your <a href="https://5apps.com/deploy">client-side apps and static
websites</a>, as well as people’s precious <a href="https://5apps.com/storage">personal
data</a> – we have kept an excellent track record of
keeping your things online and speedy since day one. But sometimes things just
naturally go awry.</p>
<p>DDoS attacks on servers or whole networks, degraded hardware performance, and
other problematic situations arise. And when they do, it’s important to us that
you’re in the loop about what’s happening exactly.</p>
<p>In order to fulfill that goal even better from now on, we just launched <a href="https://status.5apps.com">a
completely new system status site</a>:</p>
<p><a href="https://status.5apps.com"><img alt="Screenshot" src="/images/screenshot-cachet.png" /></a></p>
<p>Our new site is based on <a href="https://cachethq.io/">Cachet</a>, an excellent open
source status page system. Compared to our old site, it brings some very useful
improvements:</p>
<ul>
<li>Status types are clearer and more exact. They now include “performance
issues” (the most common one in day-to-day operations) and “partial outage”,
apart from the less common “major outage”.</li>
<li>Incidents are no longer necessarily tied to a single service/component. An
attack on our whole network, for example, will be a single incident with a
single update stream (while retaining correct status per service).</li>
<li>Better status types for incident updates, ranging from “investigating” to “solved”</li>
<li>First-class support for scheduled maintenance announcements and statuses</li>
<li>A single RSS (or ATOM) feed to subscribe to instead of one per service</li>
</ul>
<p>There are even some additional features we’re not using yet, but which we will
set up in the near future, namely email subscriptions and the display of
key metrics on the dashboard (e.g. mean response time).</p>
<p>As was the case before, the status site is hosted outside of our core
infrastructure, so that the likelihood of it being slow or unavailable when it
matters most is extremely small.</p>
<p>Let us know if you like the new site, and be sure to <a href="https://cachethq.io/">check out
Cachet</a> in case you need something similar for your own
organization or project!</p>
<p><hr></p>
<p><strong>P.S.</strong> I just realized that we launched this just in time for <a href="http://sysadminday.com/">System
Administrator Appreciation Day 2015</a>. So, happy
SysAdmin Day to our master of infrastructure,
<a href="https://twitter.com/gregkare">@gregkare</a>, who’s been doing an amazing job at
5apps and beyond! (He’s also very funny on Twitter; you should follow him.)</p>
<h2>Introducing SSL for custom domains</h2>
<p>/2014/08/04/introducing-ssl-for-custom-domains.html, 2014-08-04T10:30:00Z, Sebastian Kippe</p>
<p><img alt="Screenshot" src="/images/screenshot-ssl-custom-domain.png" /></p>
<p>Good news, everyone! We’re finally launching one of the most requested features
of <a href="https://5apps.com/deploy/home">5apps Deploy</a>: SSL for custom domains. It’s
available immediately on all plans, including the free tier.</p>
<h3>How it works</h3>
<ol>
<li>You can order SSL for custom domains for the duration of either 1 or 2 years.
We’ll send you a reminder when it’s time to renew, of course.</li>
<li>The SSL certificate purchase, setup, and maintenance are fully managed by us.
We’ll even regenerate and exchange your certificates on
<a href="http://heartbleed.com/">Heartbleed</a>-type security events. You just
order, and we’ll take care of the rest.</li>
<li>For your own domain you’ll get the same <a href="/2014/06/05/let-s-reset-the-net.html">excellent SSL
setup</a> that we’re
using for all 5apps sites and services, as well as for the free
<code>*.5apps.com</code> subdomains that you get with every app. <a href="https://www.ssllabs.com/ssltest/analyze.html?d=5hacks.com">Check out this
example on
SSL Labs</a> for all
details.</li>
<li>The SSL setup is not attached to a specific app. You can switch domains on
apps as much as you want, and if there’s a certificate available it’ll
automatically be used with the app that’s using that domain.</li>
</ol>
<p>Orders usually take less than 24 hours to complete. In the case of subdomains,
you’ll need to <a href="http://help.5apps.com/kb/deploy/adding-a-cname-record-to-verify-ownership-of-your-domain">add a new CNAME
record</a>
in order to validate your domain first.</p>
<h3>Benefits</h3>
<p>Apart from the obvious benefits of vastly increased security and privacy for
your users, there’s one advantage you might not know about yet:</p>
<p>5apps Deploy <a href="http://spdycheck.org/#5hacks.com">supports the SPDY protocol</a>,
making your apps and sites load much faster on high-latency connections,
e.g. on mobile networks. But as SPDY actually requires SSL in order to work,
it is only available on either <code>*.5apps.com</code> subdomains or custom domains with
SSL enabled.</p>
<p>That means just by enabling SSL, you might be able to give your users
significant load time improvements, especially on mobile devices and when you
include a lot of separate resources.</p>
<h3>Where to order</h3>
<p>First, you need to set up your custom domain on an app. As soon as you’ve done
that, you’ll see links for enabling SSL for that domain right under the custom
domain field in your app settings panel:</p>
<p><img alt="Screenshot" src="/images/screenshot-domain-settings-ssl.png" /></p>
<p>You can also see an overview of all your custom domains as well as their SSL
status on your <a href="https://5apps.com/account/settings/developer">developer account page</a>.</p>
<h3>Caveat</h3>
<p>In order to be able to use multiple SSL certificates on one IP address, we’re
using <a href="https://en.wikipedia.org/wiki/Server_Name_Indication">Server Name
Indication</a> (SNI). This
protocol has been around for a while, so it is supported by all modern
browsers and operating systems. However, it’s not supported by Internet
Explorer and Safari on Windows XP, or by the stock browser on Android 2.x.
In those cases we’re automatically downgrading to HTTP, so that your users
aren’t confronted with invalid-certificate warnings.</p>
<h3>Questions? Feedback?</h3>
<p>As always, we’d love to hear your feedback and answer any questions you might
have! Use the comments below, shoot us <a href="https://twitter.com/5apps">a tweet</a>,
drop us an <a href="mailto:support@5apps.com">email</a>, or visit our <a href="http://help.5apps.com">support
site</a>.</p>