add SSL so we can access boundforum securely over HTTPS

Latest information for Gromet's Plaza, GaggedUtopia's Archive. Off-Topic discussion, suggestions and comments are always welcome.

add SSL so we can access boundforum securely over HTTPS

Unread postby mcslavey » Wed May 02, 2018 6:08 pm

Currently (2018-05-02) boundforum seems only to be accessible via HTTP, including the login page. I assume this means that users' logins and passwords are being transmitted across the internet in plaintext.

Navigating to HTTPS://boundforum.com/ shows a "not secure" warning in the browser address bar and resolves to a page that simply says "greybolt.com".

Given the topics discussed on the site and users' overwhelming interest in privacy, the forum should provide encrypted HTTPS connections by default.

Depending on the host operating system of the server, adding free SSL certificates from LetsEncrypt.org could be as simple as executing a few commands on the server. LetsEncrypt "Certbot" provides guides for a variety of OS-server combinations. For instance, Ubuntu 14.04 'trusy' + nginx:

Code: Select all
# On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx


Code: Select all
# Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it:

$ sudo certbot --nginx

If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:
$ sudo certbot --nginx certonly


Alternatively, I think partial SSL encryption (between cloudflare and users) can be enabled via the cloudflare dashboard, (assuming boundforum uses cloudflare): https://www.cloudflare.com/ssl/

Cloudflare also provides documentation on how to setup full SSL via LetsEncrypt w/ certbot: Cloudflare Knowledgebase - How to Validate a Let’s Encrypt Certificate on a Site Already Active on Cloudflare

Let me know if I can help with any of this, or if I've misunderstood something. Thanks!
mcslavey
Unfettered Newbie
 
Posts: 10
Joined: Tue Dec 29, 2009 6:42 am

Re: add SSL so we can access boundforum securely over HTTPS

Unread postby mcslavey » Wed May 02, 2018 6:12 pm

Screen Shot 2018-05-02 at 9.22.30 AM.png
https://boundforum.com screenshot
Screen Shot 2018-05-02 at 9.22.30 AM.png (21.86 KiB) Viewed 1503 times


Screen Shot 2018-05-02 at 9.20.57 AM.png
ssllabs.com SSL Report

https://www.ssllabs.com/ssltest/analyze ... dforum.com
mcslavey
Unfettered Newbie
 
Posts: 10
Joined: Tue Dec 29, 2009 6:42 am

Re: add SSL so we can access boundforum securely over HTTPS

Unread postby mcslavey » Wed May 09, 2018 1:01 am

bump bump... anyone else care about this?
mcslavey
Unfettered Newbie
 
Posts: 10
Joined: Tue Dec 29, 2009 6:42 am

Re: add SSL so we can access boundforum securely over HTTPS

Unread postby mcslavey » Wed May 09, 2018 1:25 am

Related thread about users using TOR for more "secure" access viewtopic.php?f=4&t=106367
mcslavey
Unfettered Newbie
 
Posts: 10
Joined: Tue Dec 29, 2009 6:42 am

Re: add SSL so we can access boundforum securely over HTTPS

Unread postby One Pivot » Tue Oct 23, 2018 7:12 pm

I suppose I just don't care. I also use a unique password for forums since they're generally less secure. Nothing to really steal from me here.
See my handmade leather bondage gear here! https://www.etsy.com/shop/leatherbyonepivot
One Pivot
Chair Bound
 
Posts: 57
Joined: Wed Aug 31, 2016 1:05 am


Return to General Discussion

Who is online

Users browsing this forum: Bing [Bot] and 4 guests

  • Help support the forum by visiting our sponsors below