Hello guest, if you read this it means you are not registered. Click here to register in a few simple steps, you will enjoy all features of our Forum.
Bottom Page

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Where has your https gone?
#11
We havent had a problem in the past with python-forum.org being only http, so its not really on the high priority list. Plus i have never done that before, so i am not even sure on how to do it exactly. Ive asked other linux server admins, and they seem to all say its a pain in the ass. Seeing how much setting up the mail server was a pain in the ass for myself, and they say thats easy, i couldnt imagine what they consider difficult. So i am not really enthusiastic about starting that project of switching the server. And yes ive read some procedures on simple methods, but as with everything, something goes wrong and astray off that the "method" does not explain. Meanwhile the website is unreachable until its fixed or something. 

If another admin wants to tinker with it, I'll lend a hand where i can.
https://www.digitalocean.com/community/t...e-on-a-vps
micseydel and ichabod801 like this post
*Describe the environment in which it occurs.                                    *Describe the symptoms of your problem clearly.
*Describe the research you did to try and understand the problem.      *Describe the goal, not the step. 
*Use meaningful, specific subject headers                                          *Write in clear, grammatical, correctly-spelled language
*Describe the problem's symptoms, not your guesses                         *Describe your problem's symptoms in chronological order
*Describe the diagnostic steps you took to try and pin down the problem yourself.
*Describe any possibly relevant recent changes in your computer or software configuration. 
*Provide a way to reproduce the problem in a controlled environment.
Quote
#12
(Dec-05-2016, 04:44 PM)micseydel Wrote: All regular HTTP requests you make are visible to everyone else on that network

Not supporting HTTPS seems like a major design failure nowadays and may be one of the reasons why more tech-savy users may not want to use a website at all, at all.

EFF's Certbot has instructions for every major Software/System combination, Apache of course included. These Web hosting providers already offer and support Let's encrypt from the get-go. There are also many other clients helping with obtaining your free certificate for you, if you want to dive into the nitty-gritty command line stuff yourselves.

As far as admins currently not having time, knowledge or just don't feel like doing it, that would be another issue entirely, not very much related to creating a more secure encrypted Web for everyone
Quote
#13
I may make it a goal of mine to change it in the future if another admin hasnt done so already, but at his point right now, i dont want to commit to changing it and the possible problems that come with it.
micseydel likes this post
*Describe the environment in which it occurs.                                    *Describe the symptoms of your problem clearly.
*Describe the research you did to try and understand the problem.      *Describe the goal, not the step. 
*Use meaningful, specific subject headers                                          *Write in clear, grammatical, correctly-spelled language
*Describe the problem's symptoms, not your guesses                         *Describe your problem's symptoms in chronological order
*Describe the diagnostic steps you took to try and pin down the problem yourself.
*Describe any possibly relevant recent changes in your computer or software configuration. 
*Provide a way to reproduce the problem in a controlled environment.
Quote
#14
(Jan-09-2017, 02:41 PM)Kebap Wrote:
(Dec-05-2016, 04:44 PM)micseydel Wrote: All regular HTTP requests you make are visible to everyone else on that network

Not supporting HTTPS seems like a major design failure nowadays and may be one of the reasons why more tech-savy users may not want to use a website at all, at all.

What would the average user gain from an HTTPS-enabled python-forum.io, except a slightly lower battery life due to increased computation needs. Everything you do on this site is public (admins can see your PMs:)) and the most private data you have to put on the site is an email address.

Yes, mod and admin passwords can be snooped but this is a risk they take with the site, not with users.
metulburr likes this post
Unless noted otherwise, code in my posts should be understood as "coding suggestions", and its use may require more neurones than the two necessary for Ctrl-C/Ctrl-V.
Your one-stop place for all your GIMP needs: gimp-forum.net
Quote
#15
(Jan-09-2017, 05:35 PM)Ofnuts Wrote: one of the reasons why more tech-savy users may not want to use a website at all, at all.
The only time i ensure a site has https (as a user) is when i input bank, credit card, or social security numbers. That is really slim number of websites, online banking, paypal, ebay, etc. Emails are a dime a dozen and passwords should not be cross site used such as your bank account password the same as your forums password in the first place.


Quote:admins can see your PMs:)
Everything is 100% transparent to admins.

Quote:As far as admins currently not having time, knowledge or just don't feel like doing it, that would be another issue entirely, not very much related to creating a more secure encrypted Web for everyone
i am more on the edge of not feeling like doing it, not that i disagree with it.
*Describe the environment in which it occurs.                                    *Describe the symptoms of your problem clearly.
*Describe the research you did to try and understand the problem.      *Describe the goal, not the step. 
*Use meaningful, specific subject headers                                          *Write in clear, grammatical, correctly-spelled language
*Describe the problem's symptoms, not your guesses                         *Describe your problem's symptoms in chronological order
*Describe the diagnostic steps you took to try and pin down the problem yourself.
*Describe any possibly relevant recent changes in your computer or software configuration. 
*Provide a way to reproduce the problem in a controlled environment.
Quote
#16
(Jan-09-2017, 05:35 PM)Ofnuts Wrote: Yes, mod and admin passwords can be snooped but this is a risk they take with the site, not with users.
I feel like this alone could be enough. When I'm putting my password into a site, I shouldn't have to consider whether I'm on airport or Starbucks wifi, and if I am, it shouldn't be a problem.

(Jan-09-2017, 05:35 PM)Ofnuts Wrote: What would the average user gain from an HTTPS-enabled python-forum.io
HTTPS should be the defaultReally. If we can provide increased security to all of our visitors, it just looks silly not too.

(Caveat: I am busy/lazy enough to have not tried to do this myself yet, and do not see that changing in the near future. But conceptually I am definitely pro-HTTPS.)
Quote
#17
ill play around with it, but i not promising anything yet
sparkz_alot and micseydel like this post
*Describe the environment in which it occurs.                                    *Describe the symptoms of your problem clearly.
*Describe the research you did to try and understand the problem.      *Describe the goal, not the step. 
*Use meaningful, specific subject headers                                          *Write in clear, grammatical, correctly-spelled language
*Describe the problem's symptoms, not your guesses                         *Describe your problem's symptoms in chronological order
*Describe the diagnostic steps you took to try and pin down the problem yourself.
*Describe any possibly relevant recent changes in your computer or software configuration. 
*Provide a way to reproduce the problem in a controlled environment.
Quote
#18
So it looks like its working. Its a free cert from letsencrypt. There is a cronjob that is suppose to recert it every couple of months. Ill update the details in the admins/mod thread
micseydel, sparkz_alot, snippsat like this post
*Describe the environment in which it occurs.                                    *Describe the symptoms of your problem clearly.
*Describe the research you did to try and understand the problem.      *Describe the goal, not the step. 
*Use meaningful, specific subject headers                                          *Write in clear, grammatical, correctly-spelled language
*Describe the problem's symptoms, not your guesses                         *Describe your problem's symptoms in chronological order
*Describe the diagnostic steps you took to try and pin down the problem yourself.
*Describe any possibly relevant recent changes in your computer or software configuration. 
*Provide a way to reproduce the problem in a controlled environment.
Quote
#19
Is it Let's Encrypt?
I was looking into it,and it seamed pretty straight forward to implement.
Quote
#20
(Jan-09-2017, 08:39 PM)snippsat Wrote: Is it Let's Encrypt?
Yes it is
*Describe the environment in which it occurs.                                    *Describe the symptoms of your problem clearly.
*Describe the research you did to try and understand the problem.      *Describe the goal, not the step. 
*Use meaningful, specific subject headers                                          *Write in clear, grammatical, correctly-spelled language
*Describe the problem's symptoms, not your guesses                         *Describe your problem's symptoms in chronological order
*Describe the diagnostic steps you took to try and pin down the problem yourself.
*Describe any possibly relevant recent changes in your computer or software configuration. 
*Provide a way to reproduce the problem in a controlled environment.
Quote

Top Page

Possibly Related Threads...
Thread Author Replies Views Last Post
  where has your https gone? re-post GustavoWoltmann 3 140 Mar-09-2017, 12:42 PM
Last Post: buran
  chat iframe no longer working after https metulburr 1 157 Jan-28-2017, 02:25 PM
Last Post: metulburr
Brick https Kebap 14 857 Oct-12-2016, 02:59 PM
Last Post: metulburr

Forum Jump:


Users browsing this thread: 1 Guest(s)