Python Forum
Where has your https gone?
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Where has your https gone?
#11
We havent had a problem in the past with python-forum.org being only http, so its not really on the high priority list. Plus i have never done that before, so i am not even sure on how to do it exactly. Ive asked other linux server admins, and they seem to all say its a pain in the ass. Seeing how much setting up the mail server was a pain in the ass for myself, and they say thats easy, i couldnt imagine what they consider difficult. So i am not really enthusiastic about starting that project of switching the server. And yes ive read some procedures on simple methods, but as with everything, something goes wrong and astray off that the "method" does not explain. Meanwhile the website is unreachable until its fixed or something. 

If another admin wants to tinker with it, I'll lend a hand where i can.
https://www.digitalocean.com/community/t...e-on-a-vps
Recommended Tutorials:
Reply
#12
(Dec-05-2016, 04:44 PM)micseydel Wrote: All regular HTTP requests you make are visible to everyone else on that network

Not supporting HTTPS seems like a major design failure nowadays and may be one of the reasons why more tech-savy users may not want to use a website at all, at all.

EFF's Certbot has instructions for every major Software/System combination, Apache of course included. These Web hosting providers already offer and support Let's encrypt from the get-go. There are also many other clients helping with obtaining your free certificate for you, if you want to dive into the nitty-gritty command line stuff yourselves.

As far as admins currently not having time, knowledge or just don't feel like doing it, that would be another issue entirely, not very much related to creating a more secure encrypted Web for everyone
Reply
#13
I may make it a goal of mine to change it in the future if another admin hasnt done so already, but at his point right now, i dont want to commit to changing it and the possible problems that come with it.
Recommended Tutorials:
Reply
#14
(Jan-09-2017, 02:41 PM)Kebap Wrote:
(Dec-05-2016, 04:44 PM)micseydel Wrote: All regular HTTP requests you make are visible to everyone else on that network

Not supporting HTTPS seems like a major design failure nowadays and may be one of the reasons why more tech-savy users may not want to use a website at all, at all.

What would the average user gain from an HTTPS-enabled python-forum.io, except a slightly lower battery life due to increased computation needs. Everything you do on this site is public (admins can see your PMs:)) and the most private data you have to put on the site is an email address.

Yes, mod and admin passwords can be snooped but this is a risk they take with the site, not with users.
Unless noted otherwise, code in my posts should be understood as "coding suggestions", and its use may require more neurones than the two necessary for Ctrl-C/Ctrl-V.
Your one-stop place for all your GIMP needs: gimp-forum.net
Reply
#15
(Jan-09-2017, 05:35 PM)Ofnuts Wrote: one of the reasons why more tech-savy users may not want to use a website at all, at all.
The only time i ensure a site has https (as a user) is when i input bank, credit card, or social security numbers. That is really slim number of websites, online banking, paypal, ebay, etc. Emails are a dime a dozen and passwords should not be cross site used such as your bank account password the same as your forums password in the first place.


Quote:admins can see your PMs:)
Everything is 100% transparent to admins.

Quote:As far as admins currently not having time, knowledge or just don't feel like doing it, that would be another issue entirely, not very much related to creating a more secure encrypted Web for everyone
i am more on the edge of not feeling like doing it, not that i disagree with it.
Recommended Tutorials:
Reply
#16
(Jan-09-2017, 05:35 PM)Ofnuts Wrote: Yes, mod and admin passwords can be snooped but this is a risk they take with the site, not with users.
I feel like this alone could be enough. When I'm putting my password into a site, I shouldn't have to consider whether I'm on airport or Starbucks wifi, and if I am, it shouldn't be a problem.

(Jan-09-2017, 05:35 PM)Ofnuts Wrote: What would the average user gain from an HTTPS-enabled python-forum.io
HTTPS should be the defaultReally. If we can provide increased security to all of our visitors, it just looks silly not too.

(Caveat: I am busy/lazy enough to have not tried to do this myself yet, and do not see that changing in the near future. But conceptually I am definitely pro-HTTPS.)
Reply
#17
ill play around with it, but i not promising anything yet
Recommended Tutorials:
Reply
#18
So it looks like its working. Its a free cert from letsencrypt. There is a cronjob that is suppose to recert it every couple of months. Ill update the details in the admins/mod thread
Recommended Tutorials:
Reply
#19
Is it Let's Encrypt?
I was looking into it,and it seamed pretty straight forward to implement.
Reply
#20
(Jan-09-2017, 08:39 PM)snippsat Wrote: Is it Let's Encrypt?
Yes it is
Recommended Tutorials:
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  where has your https gone? re-post GustavoWoltmann 3 4,131 Mar-09-2017, 12:42 PM
Last Post: buran
  chat iframe no longer working after https metulburr 1 2,860 Jan-28-2017, 02:25 PM
Last Post: metulburr
Brick https Kebap 14 12,193 Oct-12-2016, 02:59 PM
Last Post: metulburr

Forum Jump:

User Panel Messages

Announcements
Announcement #1 8/1/2020
Announcement #2 8/2/2020
Announcement #3 8/6/2020