Page 1 of 1

add SSL so we can access boundforum securely over HTTPS

Unread postPosted: Wed May 02, 2018 6:08 pm
by mcslavey
Currently (2018-05-02) boundforum seems only to be accessible via HTTP, including the login page. I assume this means that users' logins and passwords are being transmitted across the internet in plaintext.

Navigating to HTTPS://boundforum.com/ shows a "not secure" warning in the browser address bar and resolves to a page that simply says "greybolt.com".

Given the topics discussed on the site and users' overwhelming interest in privacy, the forum should provide encrypted HTTPS connections by default.

Depending on the host operating system of the server, adding free SSL certificates from LetsEncrypt.org could be as simple as executing a few commands on the server. LetsEncrypt "Certbot" provides guides for a variety of OS-server combinations. For instance, Ubuntu 14.04 'trusy' + nginx:

Code: Select all
# On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx


Code: Select all
# Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it:

$ sudo certbot --nginx

If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:
$ sudo certbot --nginx certonly


Alternatively, I think partial SSL encryption (between cloudflare and users) can be enabled via the cloudflare dashboard, (assuming boundforum uses cloudflare): https://www.cloudflare.com/ssl/

Cloudflare also provides documentation on how to setup full SSL via LetsEncrypt w/ certbot: Cloudflare Knowledgebase - How to Validate a Let’s Encrypt Certificate on a Site Already Active on Cloudflare

Let me know if I can help with any of this, or if I've misunderstood something. Thanks!

Re: add SSL so we can access boundforum securely over HTTPS

Unread postPosted: Wed May 02, 2018 6:12 pm
by mcslavey
Screen Shot 2018-05-02 at 9.22.30 AM.png
https://boundforum.com screenshot
Screen Shot 2018-05-02 at 9.22.30 AM.png (21.86 KiB) Viewed 437 times


Screen Shot 2018-05-02 at 9.20.57 AM.png
ssllabs.com SSL Report

https://www.ssllabs.com/ssltest/analyze ... dforum.com

Re: add SSL so we can access boundforum securely over HTTPS

Unread postPosted: Wed May 09, 2018 1:01 am
by mcslavey
bump bump... anyone else care about this?

Re: add SSL so we can access boundforum securely over HTTPS

Unread postPosted: Wed May 09, 2018 1:25 am
by mcslavey
Related thread about users using TOR for more "secure" access viewtopic.php?f=4&t=106367