On Wed, Jul 19, 2017 at 11:59 PM, Stephen Reay <php-li...@koalephant.com> wrote: > > Does it need to be geo-dns, or could it instead be "geo-http" - a small > number of servers responding to (www.)?php.net, which then respond with > http redirects based on client ip. This is similar to how Debians "new" > mirror service works for apt repos. > > > I know it would be very nice to have the URLs stay as php.net (no CCn. > Prefix) but anything else simple is going to involve tls certs for the base > domain on servers the project doesn't control. > > The only other option I can see, would be to use "keyless" tls. It's > described pretty well by CF here: https://www.cloudflare. > com/ssl/keyless-ssl/ > > Unfortunately I don't know that cf have open sourced their nginx&openssl > patches to make them talk to a remote key server. >
I did look at the stuff from Cloudflare last year, but at the time they hadn't opened enough of it to implement. And it is really nice to have www.php.net be fast and low-latency from all over the world. Even the initial request. We are quite spoiled in Europe and North America with our fast peering. But in many other parts of the world, even if the local connection is fast, getting to a server in N.America is quite slow. but yes, eventually we may have to give up on geo-dns if we can't find a decent way to layer https on top of it. -Rasmus
