CityCyclingEdinburgh Forum » This site

https certificate

(15 posts)
  • Started 4 months ago by bwduncan
  • Latest reply from boothym

No tags yet.


  1. bwduncan
    Member

    Hi,

    Are there any plans to provide HTTPS? I get that part of the charm of this site is the simple nature of the forum software, but while (for the sake of argument) 25% of users might be tech-savvy and would welcome the extra security, 25% might be technophobic and not know that they are sending their email and password (which may well be shared with other sites) in the clear on public WiFi, for example.

    There are free HTTPS certificates available from LetsEncrypt, and all modern web servers support HTTPS. I'd be happy to help with the transition, if necessary.

    Thanks,
    Bruce

    Posted 4 months ago #

  2. Arellcat
    Moderator

    Paging @chrisfl. @chrisfl to the red lighty-up top secret hyper-encrypted secure courtesy telephone, please.

    Posted 4 months ago #

  3. chrisfl
    Member

    I did look at this some time ago, the setup was a nginx front end with the LetEncrypt certificate. The main issue is that non https urls are baked into the site and I could never get it working.

    Posted 4 months ago #

  4. Baldcyclist
    Member

    I've had this with WP sites (I know this one isn't), I exported the DB, opened the sql file in a text editor, did a fnd and replace, and then re-imported the DB.

    More techie folk may do something similar with scripts.

    Posted 4 months ago #

  5. mcairney
    Member

    The 'correct' way to do this would be to have a rewrite/redirect rule to turn all HTTP URLs into HTTPS- this would also mean any existing links to the http site wouldn't break.
    I've done this before in Apache but not in nginx.

    Posted 4 months ago #

  6. Baldcyclist
    Member

    "correct way"

    Yep, you would hope that would do it, but then when the site ends up in a redirect loop, and you can't login, and the call has come back from the infrastructure team saying everything looks grand on the servers. You sometimes have to change the URLs in the database. :)

    Anyway, often what shouldn't be complicated often is. :)

    Posted 4 months ago #

  7. chrisfl
    Member

    This is exactly what happened, the site kept redirecting back to http:// version which then

    Posted 4 months ago #

  8. Baldcyclist
    Member

    Oh, I see bbpress is just a WP plugin which makes sense.

    For WP the site we had that was broken was a WP multisite with around 1000 sites on it.

    Really steps were:
    Check .htaccess file and check that matched what WP suggested in Settings > Network settings
    Go to config.php and make sure that is mapped to https.
    Go to database and go to wp_options, make sure 'siteurl' and 'home' are set to https.

    We had to go deeper than that as it was a multisite site, and change siteurl for every site on the network (which was the complex bit that needed scripting, if just one site straight forward as above).

    We also had an issue when we had fixed the redirect that there would be another error when you navigated to the WP dashbord, I can't remember if that needed the .htaccess file at the wp_admin ammended, or wheather there was another table in the datavase that needed ammended. Can look back at messages if that happens though. :)

    I don't know if bbpress holds URL info as well, so might be worth a poke around there in the DB as well, but certainly we didn't need to do anything plugin specific on our multisite and there's a number of plugins on that.

    Posted 4 months ago #

  9. chrisfl
    Member

    If anyone wants to look at the code currently running the site, there is a copy here: https://github.com/chrisfleming/citycyclingedinburgh.info/

    It didn't occur to me that URL's might be hardcoded into the database as it's just so shortsighted, but I will have a look around and see.

    Posted 4 months ago #

  10. neddie
    Member

    Lack of https now means I have to perform 11 clicks to log back into the site after it keeps throwing me off. This is due to “resistance” built into iOS to stop people autopasswording into non secure sites. This also makes it slightly less likely I’ll bother to post

    Posted 4 months ago #

  11. CycleAlex
    Member

    Could you not stick the site behind a free Cloudflare plan? They offer flexible HTTPS that only encrypts between the browser and Cloudflare. Not perfect but would still display as a HTTPS connection.

    Posted 4 months ago #

  12. cb
    Member

    Yeah, agree on the Cloudflare option. Should be pretty quick to change it over and no change required on the site itself, just an NS change on the registrar.

    Posted 4 months ago #

  13. mcairney
    Member

    Not sure it's worth enabling HTTPS, seeing what breaks then trying to fix forward?
    Until recently it was only a minor annoyance as I use a separate, generated password for this site anyway via a password manager although recently the autofill on my iphone seems to have stopped working (which might be the same issue neddie refers to?)

    Posted 4 months ago #

  14. neddie
    Member

    @mcairney. Yeah same issue I think. You can still use the autofill, you just have to click username, click autofill, click CCE account, click username in autofill, confirm, click password on CCE, click autofill, click CCE account, click password in autofill, confirm, hit login. Or something like that. 11 clicks and you’re there

    Posted 4 months ago #

  15. boothym
    Member

    Looking at Github, there's half a dozen files including the index page with its redirect which have http:// in them.

    https://github.com/search?q=repo%3Achrisfleming%2Fcitycyclingedinburgh.info+citycyclingedinburgh.info&type=code

    Posted 4 months ago #

RSS feed for this topic

Reply

You must log in to post.


Video embedded using Easy Video Embed plugin