Results 1 to 21 of 21

Thread: SSL for PE

  1. #1

    SSL for PE

    Hey guys, may I suggest that you use https for the PE site? You can get a free certificate from Let's Encrypt (which is backed by just about every major web org), that's very easy to install and setup. I can help if you need it.

    https://letsencrypt.org/
    "Always ready with the ray of sunshine"

  2. #2
    Nothing, guys?
    "Always ready with the ray of sunshine"

  3. #3
    Moderator Duncan Glenday's Avatar
    Join Date
    Apr 2003
    Location
    Frederick, MD
    Posts
    2,243
    Sorry - not (deliberately ) ignoring you - I'll get onto this shortly.

    Bear in mind that an SSL would have had NO impact on the hack we had a few weeks ago.
    Regards,

    Duncan

  4. #4
    But since we're typing a lot here, SSL would be good.. and free: https://letsencrypt.org/
    "Always ready with the ray of sunshine"

  5. #5
    Got forced to change my password by vBulletin this morning. I had been waiting to "upgrade" to a stronger password once I knew for certain PE was secure.

    How are things looking on that front?
    If you're actually reading this then chances are you already have my last album but if NOT and you're curious:
    https://battema.bandcamp.com/

    Also, Ephemeral Sun: it's a thing and we like making things that might be your thing: https://ephemeralsun.bandcamp.com

  6. #6
    Outraged bystander markwoll's Avatar
    Join Date
    Nov 2012
    Location
    Northern Virginia
    Posts
    4,574
    Quote Originally Posted by battema View Post
    Got forced to change my password by vBulletin this morning. I had been waiting to "upgrade" to a stronger password once I knew for certain PE was secure.

    How are things looking on that front?
    I suspect crickets chirping
    "It is the mark of an educated mind to be able to entertain a thought without accepting it."
    -- Aristotle
    Nostalgia, you know, ain't what it used to be. Furthermore, they tells me, it never was.
    “A Man Who Does Not Read Has No Appreciable Advantage Over the Man Who Cannot Read” - Mark Twain

  7. #7
    Yep, never hurts to ask tho
    If you're actually reading this then chances are you already have my last album but if NOT and you're curious:
    https://battema.bandcamp.com/

    Also, Ephemeral Sun: it's a thing and we like making things that might be your thing: https://ephemeralsun.bandcamp.com

  8. #8
    Member Jerjo's Avatar
    Join Date
    Nov 2012
    Location
    small town in ND
    Posts
    6,601
    It's not like PE is Duncan's day job. It can wait.
    I don't like country music, but I don't mean to denigrate those who do. And for the people who like country music, denigrate means 'put down.'- Bob Newhart

  9. #9
    Moderator Sean's Avatar
    Join Date
    Jun 2001
    Location
    Georgia
    Posts
    2,972
    Duncan is overseas for the next few weeks.

  10. #10
    Yep, no instant worries Just thought I'd ask since the reset reminded me.

  11. #11
    Quote Originally Posted by Jerjo View Post
    It's not like PE is Duncan's day job. It can wait.
    As much as I appreciate the work involved (running my own sites), however Let's Encrypt is not only free, but takes minutes to set up. It's so easy, and protects all of us.
    "Always ready with the ray of sunshine"

  12. #12
    *bump*

    just fyi, but google chrome goes SSL by default on 7/24; PE doesn't load properly over SSL.
    Last edited by strawberrybrick; 07-23-2018 at 10:00 PM.
    "Always ready with the ray of sunshine"

  13. #13
    Quote Originally Posted by strawberrybrick View Post
    *bump*

    just fyi, but google chrome goes SSL by default on 7/24; PE doesn't load properly over SSL.
    The problem here is not all the elements are secure and the non-secure elements are being dropped by the browser.

    I recently converted progforums.com to SSL and used PHP code in the forum header to re-write the address bar to the https version of any page. This can also be achieved in the .htaccess file on Apache systems.

    One problem is, if one of your users links, for example, an image on a remote site that is not secure, the browser will report that the page security is broken and the image won't appear (or in IE, it'll ask you if you want to display the non-secure items). I was able to use the forum's censoring rules to convert some known addresses to https - for example I have a rule that converts http://www.progforums.com to https://www.progforums.com. This saved me having to find them all and correct them manually!

    Of course, you can't simply convert all http:// to https:// because you can't guarantee any particular remote site is secure.

    It is a bit of a can of worms, unfortunately

  14. #14
    On my sites, urls are written //www.whatever.com/ and the code appends the rest. I know it's worms, but there's no other way forward.
    "Always ready with the ray of sunshine"

  15. #15
    Well with forum software, its usually a case of changing a base URL somewhere in the database, but then you need to make sure anyone hitting the site from the old URL gets redirected to the secure version. This also helps search engines find your site and stops them thinking your site is duplicated.

    As I said, I did this in the php file that generates the header of each page and I assume a similar thing could be done to a vBulletin site.

    If I was going to do it here, my code would be something like this:

    Code:
    $redirect = false;
    
    $path = $_SERVER['REQUEST_URI'];
    
    
    
    
    
    $url = $_SERVER['HTTP_HOST'];
    
    if ($url != 'www.progressiveears.org') {
    
        $redirect = true;
    
    }
    
    $SSL_test = $_SERVER['HTTPS'];
    if ($SSL_test != true) {
      $redirect = true;
    
    }
    
    
    
    if ($redirect==true){
    
        header('HTTP/1.1 301 Moved Permanently');
    
        header('Location: https://www.progressiveears.org'  .$path);
    
    }
    This will ensure any incoming URL that doesn't match www.progressiveears.org or is not https gets rewritten.

  16. #16
    I run Apache, and use .htaccess to redirect to ssl/https.
    "Always ready with the ray of sunshine"

  17. #17
    "Always ready with the ray of sunshine"

  18. #18
    Outraged bystander markwoll's Avatar
    Join Date
    Nov 2012
    Location
    Northern Virginia
    Posts
    4,574
    Did you notice, well did you?
    Not all the way there, but something.
    "It is the mark of an educated mind to be able to entertain a thought without accepting it."
    -- Aristotle
    Nostalgia, you know, ain't what it used to be. Furthermore, they tells me, it never was.
    “A Man Who Does Not Read Has No Appreciable Advantage Over the Man Who Cannot Read” - Mark Twain

  19. #19
    Member interbellum's Avatar
    Join Date
    Sep 2014
    Location
    Xymphonia-city
    Posts
    5,006
    Quote Originally Posted by markwoll View Post
    Did you notice, well did you?
    Not all the way there, but something.
    sssssssssssssssssss

    Good job!

  20. #20
    Moderator Duncan Glenday's Avatar
    Join Date
    Apr 2003
    Location
    Frederick, MD
    Posts
    2,243


    "Not all the way there" will be fixed shortly.
    Regards,

    Duncan

  21. #21
    Yesterday or the day before? I noticed a diff...
    "Always ready with the ray of sunshine"

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •