Does SMF 2.0.2 support SSL/HTTPS?

Started by FreeMag, June 27, 2012, 12:31:38 PM

Previous topic - Next topic

Suki

I don't know if you are following the same argument as us.... but oh well...

Your example couldn't be any more further from what I was talking about, sorry. 

Hosting companies has absolutely no incentive to move to https, users who uses share hosting accounts CANNOT demand anything since https is ALREADY been offered by hosting companies for quite a long time now...

Want https?  buy a unique IP, thats what hosting companies will tell you, as simple as that. Mozilla pushing for https is actually a pretty good thing for hosting companies as they will see a quite substantial increase in their unique IPs sales...  they will have to be absolutely out of their minds if they pass this wonderful business opportunity...

Web hosting companies couldn't care less about your data or its encryption... (unless of course you have some shaddy business but thats another story altogether)  they only care about THEIRS.
Disclaimer: unless otherwise stated, all my posts are personal and does not represent any views or opinions held by Simple Machines.

Kindred

or - it will have exactly the effects that I predicted.

1- sites will stop working
2- people will stop using firefox
3- admins who can not afford to pay for certs will lose their membership and their sites


it is shortsited and idiotic - even more so that google's idiocy.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

mj.

I run a small site.  I want the additional privacy of full encryption for my users, for their entire session.  I am willing to pay for the certificate and endure the maintenance overhead.  I'd like to see the configuration support in a single setting, and I can figure out how to patch the embedded links in a conversion process.  I don't care what firefox does or not.  Thanks.

JBlaze

Quote from: mj. on August 09, 2015, 09:50:07 AM
I run a small site.  I want the additional privacy of full encryption for my users, for their entire session.  I am willing to pay for the certificate and endure the maintenance overhead.  I'd like to see the configuration support in a single setting, and I can figure out how to patch the embedded links in a conversion process.  I don't care what firefox does or not.  Thanks.

SMF 2.1 has even better HTTPS support. It provides proxies for embedded media, secure cookies, and more.
Jason Clemons
Former Team Member 2009 - 2012

badon

Fantastic! Thanks for the information zilladotexe! I'm really happy to see SMF taking HTTPS as seriously as it does with other forms of security.

Steve

DO NOT pm me for support!

mj.

Thank you for the reply, zilladotexe.  I'm going to check out what's going on with Beta 2.  I'm guilty of not keeping up.  I'm going to try to be more supportive of SMF.  I can code, but I am rusty, I only work in IT architecture now, so when I get my hands dirty it is never with procedural code.  Perhaps I can find other ways to be supportive. :)

spiros

Wordpress is moving towards SSL. Google also weighs SSL as a search engine ranking factor and will begin flagging unencrypted sites in Chrome. Let's Encrypt provides free, automated, and open SSL certification. There is even a CPanel plugin for that.

I think this is a good time for SMF to implement it.

Illori

it has been added in SMF 2.1 already. the only way for it to be added to SMF 2.0 beyond what is available already is by mods as SMF 2.0 does not get features added to it.

Kindred

ummmmmm... https works just fine on 2.0.x with no mods at all. I have it implemented on 5 sites now.

The only exception is the external images/avatars
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

spiros

#70
Yes, I had it tested on this site and everything worked (I only had to change manually the path of a theme image). The only issue I can see is that links to http are not redirected to https. I found this page but not sure which approach is best.

Kindred

So? WHat was the point of your post in this VERY OLD thread then?

Quote from: spiros on December 05, 2016, 02:27:28 AM
Wordpress is moving towards SSL. Google also weighs SSL as a search engine ranking factor and will begin flagging unencrypted sites in Chrome. Let's Encrypt provides free, automated, and open SSL certification. There is even a CPanel plugin for that.

I think this is a good time for SMF to implement it.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

spiros

Help people who find this thread via search or Google (as it had the highest ranking).

Kindred

and yet, that is not what your comment implies.   Wording matters when trying to spike  search results.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

nend

Quote from: Kindred on December 05, 2016, 06:54:00 AM
ummmmmm... https works just fine on 2.0.x with no mods at all. I have it implemented on 5 sites now.

The only exception is the external images/avatars

The image proxy from 2.1 is easy to back port to 2.0. I'll share when I have time.

Example
https://www.sicomm.us/t/19/

Image
https://www.sicomm.us/img/?request=http%3A%2F%2Fsinends.2-si.net%2Fwp-content%2Fuploads%2F2015%2F09%2FIMG_20150925_184115.jpg&hash=953892253dc6478beb914ca96f58fdc6

mj.

I'd really appreciate some hints on that image proxy.  I've been running an SMF forum for 4 years, but I've not been able to dig into the SSL area as I have mostly been occupied trying to patch up the abandoned theme I want to keep so that my mods work.  Just some basic pointers would be fine, I'm a quick study.

dvk01

Just to bump this with new easy info about using SSL on SMF

This only applies to users that have hosting, either dedicated or shared that use Cpanel
Since Cpanel now offer free SSL certificates there is an option in Cpanel/WHM to install a free SSL certificate for any domain you own in the account.
This option needs to be enabled by your hosting provider.
Some hosts will enable it. Others will refuse to because they make a lot of money from selling over priced SSL certificates.
If you do not see an auto-ssl certificate in your Cpanel control panel, then ask your hosting company to enable it on the server and then you will be able to use your forum as SSL with absolutely no changes on forum software itself.
You can force SSL for all connections  but that can cause problems with SMF. It is far better to leave it as set and let Cpanel/server do all the work.
Users can log in or visit forum using either   HTTP or HTTPS

If you allow linked images for non HTTPS sites when HTTPS has been enabled, you will get browser warnings of insecure content and no padlock shown in browser bar and error messages.

Kindred

I disagree.

If you have SSL, then use it.... and force it using .htaccess.

the image proxy is a minor thing at the moment -  and is solved in 2.1
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

nend

Give me some time as I am on mobile at the time and have some other important business to attend to before I get to this.

I'll share my dirty hack for experienced webmasters to install the image proxy. I'll include the image proxy back ported to 2.0, the subs.php BBC rewrite for img and xpath QueryString.p hp rewriter to catch any missed urls.

mj.

I'm cool if it's solved in 2.1 but when is that?  I understand free means no promises.  I probably only have 20 active users, and I provide for free as well but it's important to me, these are my imaginary friends.  :)  I've thought about just putting the beta on but from what I gather it isn't just an upgrade, I don't have a clue as to what I'd need to convert and not lose content, and I haven't really seen anyone's judgement as to the beta stability.

As I said, I'm on a flaky theme and the original dev won't even take money to fix it.  What can I do to help out?  I'm an IT guy but PHP I can just barely hack.  Would donating a decent sum to SMF development help?  I don't want to switch to BB or the other suspects, I'm partial to SMF.

I apologize if any of y'all think I'm asking too much, but life is a bear I'm 10 years behind on now really.

No problem nend, thank you, whenever you have the opportunity, I have notification turned on for this thread.

Advertisement: