When I created this personal website back in 2018, it was supposed to be my small pet project to learn React and use it in a real life example. That mission was of course accomplished. A quick and simple React app with only static text and pages was created and it served as my personal portfolio since then.
A lot of the website has changed over the years, mostly text updates and UI changes. Background image was updated for a "supposedly" better visual; new projects were added and old projects were removed from the site; a blog page was created when I suddenly had a desire to write or plan to write, so on and so forth. However, in the midst of all those changes, one thing has remained the same - the site is always only on HTTP.
HTTP, bad for security, bad for business. As Chrome browser started enforcing HTTPS rule since version 68, an obvious, in-you-face "Not Secure" warning icon has been added in front of the url address bar whenever it visits a HTTP only site. With Chrome browser version 90, it starts using HTTPS as the default connection protocol for a user typed or unfinished url in the address bar - another push to say goodbye to HTTP, and say hello to HTTPS.
But then the questions came to my mind. Does my little personal website really need HTTPS? Do I really want to spend that effort to get my website on HTTPS? For one thing, it's not a e-commerce site and it doesn't ask any user (if any) to submit any information. For another, it's totally usable and visitable even with just HTTP support.
Believe it or not, those questions may not be the main reasons that this site has stayed HTTP only for 3 years, but they certainly played a big part in stopping my fingers on the keyboard every time I see that "Not Secure" warning icon on my site address bar and wanted to do something about it. The other factor is certainly my content with the site as it is and lack of desire or time to update it.
Just to be clear, and to answer my own questions, there are certainly multiple benefits of moving to HTTPS, even for a small scale personal website/blog.
With that said, and some extra time for me to spare, I finally decided to spend some effort to get my site on HTTPS. The process, to my pleasant surprise, which is another way to say to my ignorance on this subject, turned out to be super easy.
As my code repo is on Github and my site is hosted with S3 static website hosting, there are 2 options I can choose from to get on HTTPS:
As indecisive as I can be, I went with the second option in a breeze. Github pages is awesome and I have other side projects hosted on there as quick demos. But for this case, my site is already hosted on S3 and it makes sense to do as little as possible to just put CloudFront in front it.
And there you have it. My site is finally on HTTPS. Does that mean a new era for my little personal website? Who knows. Maybe hardly so. But at least I can finally say - Goodbye, HTTP!