
 HTTPS Encrypted Browsing
#
HTTPS Encrypted Browsing

Please let me know if you have any questions/comments after reading the wiki (and I know there will be questions).

signature
email: admin@jcink.com :: blog: John C.
#
More importantly, let me know if you find any bugs browsing around on this forum under HTTPS. I only encountered 2 major bugs, the first was related to BBCode buttons. The second was quick-edit not being compatible with HTTPS. Both have been fixed.

In the coming weeks, I will be encouraging HTTPS use for all *.jcink.net users for the Admin CP. I'm working to make the Admin CP 100% https ready.

signature
email: admin@jcink.com :: blog: John C.
#
    When I go to upload an avatar on my site, it makes this the URL:

    CODE
    https://files.jcink.net/uploads/x/av-1.png


    I use a special bit of coding that requires the url of my site, which it was before?

    That code looks like this:

    CODE
    http://x.b1.jcink.com/uploads/x//av-<!-- |id| -->.png
#
You can substitute x.b1.jcink.com with files.jcink.net, it won't make a difference. As long as /x/ is in the path, that's where your board's actual folder is on the system.

So take (if you're trying to work with HTTPS)

http://x.b1.jcink.com/uploads/x//av-<!-- |id| -->.png

and change it to

CODE
https://files.jcink.net/uploads/x/av-<!-- |id| -->.png


I did change a lot of our resource/media URLs to be more consistent to deal with this change which is why you're seeing the links as they are now.

signature
email: admin@jcink.com :: blog: John C.
#
    Okay that makes a ton of sense. c:

    I went ahead and made those changes like you said and you're right; there really is no difference other than it loads faster for me (not sure why, but might just be the difference in URL, IDK my computer is weird sometimes).
#
multiplicity! HTTPS is significantly faster than HTTP in some "test" cases, you are probably seeing a little speed bump with the forums.

http://www.httpvshttps.com/

signature
email: admin@jcink.com :: blog: John C.
#
So what are your plans for making this work with custom domain names? Will it be something in the Domain Control Center for the ACP or would it be something we do through our own registrar (namecheap for example)?

#
QUOTE (GMaster479 @ Mar 11 2017, 02:34 PM)
So what are your plans for making this work with custom domain names? Will it be something in the Domain Control Center for the ACP or would it be something we do through our own registrar (namecheap for example)?


The conundrum with domain names is that each domain needs its own SSL certificate.

We paid for all jcink domain users since it was a wildcard certificate through SSLTrust. Our *.jcink.net certificate was an "expensive" one ($400), but the cert covers everyone for 3 years.

Standard domain name certificates namecheap for SSL are only $9.00/year per domain name. Not so bad, but a significant cost increase yearly for someone who has. And every year the certificate expires, it needs to be renewed and sent to us and I'll have to manually insert their cert.

Ideally what I would like to do for domain owners is utilize a free solution called Let's Encrypt instead ( https://letsencrypt.org/ ). A problem with those certificates however, is that they only last 90 days. So a board owner would need to generate a new certificate every 90 days, then give it to us.

Obviously this adds a LOT of labor and inconvenience, along with "complexity", and the first option is less labor for us and the board owner, but adds cost.

The ultimate solution would be a way to enter a Let's Encrypt account's details into the Admin CP, and have our server automatically go to their site via some API and "create" a cert then load it in. This will take some time to fully implement and I'm not even sure I'll have this implemented by the end of this year.

I will, at the very least, I think, be ready to accept yearly certificates sometime during the summer via email/support ticket, probably toward the end. Initially we were not planning on going full HTTPS for another year even for the jcink domains, but the decision was made that this would be best for everyone and will make switching to HTTPS less painful when browsers finally "drop the hammer" on HTTP years in the future.

signature
email: admin@jcink.com :: blog: John C.
#
QUOTE (John @ Mar 11 2017, 02:57 PM)
QUOTE (GMaster479 @ Mar 11 2017, 02:34 PM)
So what are your plans for making this work with custom domain names? Will it be something in the [url=http://jcink.com/main/wiki/jfb-acp-system-settings-domain-manager]Domain Control Center[/url] for the ACP or would it be something we do through our own registrar (namecheap for example)?


The conundrum with domain names is that each domain needs its own SSL certificate.

We paid for all jcink domain users since it was a wildcard certificate through SSLTrust. Our *.jcink.net certificate was an "expensive" one ($400), but the cert covers everyone for 3 years.

Standard domain name certificates namecheap for SSL are only $9.00/year per domain name. Not so bad, but a significant cost increase yearly for someone who has. And every year the certificate expires, it needs to be renewed and sent to us and I'll have to manually insert their cert.

Ideally what I would like to do for domain owners is utilize a free solution called Let's Encrypt instead ( https://letsencrypt.org/ ). A problem with those certificates however, is that they only last 90 days. So a board owner would need to generate a new certificate every 90 days, then give it to us.

Obviously this adds a LOT of labor and inconvenience, along with "complexity", and the first option is less labor for us and the board owner, but adds cost.

The ultimate solution would be a way to enter a Let's Encrypt account's details into the Admin CP, and have our server automatically go to their site via some API and "create" a cert then load it in. This will take some time to fully implement and I'm not even sure I'll have this implemented by the end of this year.

I will, at the very least, I think, be ready to accept yearly certificates sometime during the summer, probably toward the end. Initially we were not planning on going full HTTPS for another year even for the jcink domains, but the decision was made that this would be best for everyone and will make switching to HTTPS less painful when browsers finally "drop the hammer" on HTTP years in the future.


That seems annoying overall, though I love the sound of the ultimate solution you have there. That would be ideal.

I'll happily purchase the SSL certificate when you're ready to handle them. I think that if you could almost find a way to add the certificate when you add the domain name in it would be great at least as a hold over. I'm not exactly sure how that would work but I think it is something that should happen once that you never have to look at again after.

#
I agree, it's just unfortunate that you can't simply buy a certificate, load it once, and be done with it as long as you keep renewing it yearly. It needs to be changed out.

The need to switch out a cert adds a whole new level. Having to do it every 90 days is even worse. "Let's Encrypt's" rationale for the whole 90 day limit is that it's "more secure" (like changing a password every 90 days). I beg to differ, but whatever.

signature
email: admin@jcink.com :: blog: John C.
#
Few bugs identified by a user in the support ticket system. Most of the links under "JFH Resources" don't work / blank out. Will be fixing these, it's because they keep trying to redirect to http links. :)

EDIT: Fixed.

signature
email: admin@jcink.com :: blog: John C.
#
Firefox 52 has thrown down the hammer harder than Google. This nasty message is being displayed on HTTP logins now for those who have updated to the latest Firefox. I figured this out when I was visiting FedEx's website and was shocked.

It is absolutely pertinent for those even without domains to work on making their forums HTTPS friendly.

As a result of this, we may begin to force HTTPS for newly created forums soon.

[Attached: 2 images]

signature
email: admin@jcink.com :: blog: John C.
#
Jcink contacted me about whether or not I plan on switching. Yes, I do. Like, I cannot believe how fast this had come all down. I was planning on going to a secure connection later this year. But, I'm moving up my timeline to this week. I know a handful of you all use my image host, we will support the https change :)
#
I have been contacting a few image hosts that are commonly used who have not yet switched that admins and members are commonly utilizing just to see what their plans are, if any. Here is a list of https supported image hosting, not complete.

https://jcink.com/main/wiki/https-encrypted...y_image_hosting

Hopefully all of them start to switch, even though you can still use non-https images and includes in posts, it would be best to not do so.

One solution would be for us to run an image proxy, but I would rather not do that as it will require excessive amounts of resources.

signature
email: admin@jcink.com :: blog: John C.
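
The URL substitution described earlier in the thread, combined with the mixed-content concern in the post above, as an added example that is not part of any post and is not Jcink's own code. It assumes a board template held as a string; `HTTPS_READY`, `upgradeUrl`, `auditTemplate` and the sample template are hypothetical names and data constructed for illustration.

```javascript
// Added example: audit board template HTML for http:// embeds before enabling HTTPS.
// The substitution rule is the one from the thread; the sample template is constructed.

// Any *.jcink.com host serving /uploads/<board>/... maps to files.jcink.net over HTTPS.
const JCINK_UPLOAD = /^http:\/\/[a-z0-9.-]+\.jcink\.com\/uploads\/([^\/]+)\/+(.*)$/i;
// Assumption: hosts confirmed to serve the same paths over HTTPS (extend per board).
const HTTPS_READY = new Set(["files.jcink.net"]);
// Tags that fetch a resource; <a href> is navigation, not mixed content, so it is skipped.
const EMBED = /<(img|script|iframe|link|audio|video|source|embed)\b[^>]*?\s(?:src|href)\s*=\s*(["'])(.*?)\2/gi;
// Browsers block insecure "active" loads on an HTTPS page; passive ones at best
// downgrade the security indicator.
const ACTIVE = new Set(["script", "iframe", "link", "embed"]);

function upgradeUrl(url, httpsReady = HTTPS_READY) {
  if (!/^http:\/\//i.test(url)) return { url, status: "ok" };
  const m = JCINK_UPLOAD.exec(url);
  if (m) return { url: `https://files.jcink.net/uploads/${m[1]}/${m[2]}`, status: "rewritten" };
  const host = url.slice(7).split("/")[0].toLowerCase();
  if (httpsReady.has(host)) return { url: "https://" + url.slice(7), status: "rewritten" };
  return { url, status: "insecure" }; // needs a different host or the owner's confirmation
}

function auditTemplate(html, httpsReady = HTTPS_READY) {
  const findings = [];
  const fixed = html.replace(EMBED, (match, name, quote, url) => {
    const r = upgradeUrl(url, httpsReady);
    if (r.status === "ok") return match;
    const tag = name.toLowerCase();
    findings.push({ tag, kind: ACTIVE.has(tag) ? "active" : "passive",
                    from: url, to: r.url, status: r.status });
    // match ends with url + closing quote; swap only the URL, leave the rest of the tag alone
    return match.slice(0, match.length - url.length - 1) + r.url + quote;
  });
  return { fixed, findings };
}

// Constructed sample; the first line uses the avatar URL pattern quoted in the thread.
const SAMPLE = [
  '<img src="http://x.b1.jcink.com/uploads/x//av-<!-- |id| -->.png">',
  '<script src="http://cdn.example.org/board.js"></script>',
  '<img class="logo" src="https://files.jcink.net/uploads/x/logo.png">',
  '<link rel="stylesheet" href="http://files.jcink.net/uploads/x/skin.css">',
].join("\n");

for (const f of auditTemplate(SAMPLE).findings) {
  console.log(`${f.status.padEnd(9)} ${f.kind.padEnd(7)} <${f.tag}> ${f.from}`);
}
```

Entries reported as `insecure` are the ones to resolve first when their `kind` is `active`, since those loads fail outright on an HTTPS page.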
#
Hey all! As per my conversation with Jcink earlier, I pushed out the SSL ahead of schedule.

For users of NickPicHost you can now swap over to https://cdn.nickpic.host from http://cdn.nickpic.host any time you'd like. I highly recommend going schemeless and referring to them as //cdn.nickpic.host

It is essential coverage and it'd support the green browser.

Thanks everyone! :)

Edit: I added schemeless link support. Plus, by default NickPic.Host will now serve SSL.

This post has been edited by Leif: Mar 18 2017, 11:56 PM