How many run SSL?

[NoGi]

Looking at whether it's worth the hassle to install and use SSL on my community. I am on CentOS 7 with PHP 7 and IPS 4.1.17. I will be looking at using Shopify as well

[NoGi]

Ok so a few run SSL, I might start to look into it. Is it a simple process to get working with IPS?

[Steph40]

I get no problem at all with ips. Just had to learn how to install it on nginx server then good to go.

[Jim M]

5 hours ago, NoGi said:

Ok so a few run SSL, I might start to look into it. Is it a simple process to get working with IPS?

Easy peasy, just need to update you conf_global.php for the URL. 

[NoGi]

OK, did the SSL and seemed painless. I just have one issue I want to fix and that is the warning that people get about mixed content? It's a little different to the google one noted in the 4.1.18 release notes:

Quote

Mixed Content

The site includes HTTP resources.

When I take a look, it seems to be pointing to local image files. Is there a way to force them to auto use https instead of having to dig up the offending files and manually update the URL?

[Steph40]

I don't if that is what you are looking for but go to system -- settings -- posting.

[Jim M]

6 hours ago, NoGi said:

 

When I take a look, it seems to be pointing to local image files. Is there a way to force them to auto use https instead of having to dig up the offending files and manually update the URL?

What are the files? Attachments, theme files or something related to the system?

Long as they aren't manually inserted or copy/paste into a post make sure you updated your URL in the conf_global.php.

What @Steph40mentioned will take care of future copy/paste images (from anywhere).

[NoGi]

They were images/emoji's that were in the forum descriptions. I went in and fixed them up, now all good.

[MeMaBlue]

Hello! we changed to ssl 

we have tons of mixed content  due to the signatures members use.   they have signatures for their babies (each one has a ticker for their babys age)

its impossible to do it manually, i have 40.000 members. 

what would you do if you were in my place? 

[Morgin]

9 minutes ago, MeMaBlue said:

Hello! we changed to ssl 

we have tons of mixed content  due to the signatures members use.   they have signatures for their babies (each one has a ticker for their babys age)

its impossible to do it manually, i have 40.000 members. 

what would you do if you were in my place? 

Personally, I would use cloudflare and have it rewrite them all. 

https://support.cloudflare.com/hc/en-us/articles/227227647-How-do-I-use-Automatic-HTTPS-Rewrites-

that’s a pretty easy solution. 

[MeMaBlue]

On 02/02/2017 at 2:42 AM, Steph40 said:

I don't if that is what you are looking for but go to system -- settings -- posting.

hello Steph40

wont that change something to the server load or the server traffic ... ?

thank you

41 minutes ago, Morgin said:

Personally, I would use cloudflare and have it rewrite them all. 

https://support.cloudflare.com/hc/en-us/articles/227227647-How-do-I-use-Automatic-HTTPS-Rewrites-

that’s a pretty easy solution. 

thanks , i ll send it to my associate to look at!

[Steph40]

Well I am no expert but I think it is worth it. You could always store images on a cdn.

You can also take a look at this

 

[MeMaBlue]

16 hours ago, Steph40 said:

Well I am no expert but I think it is worth it. You could always store images on a cdn.

You can also take a look at this

 

hello, thank you,  I read the support topic and in there a staff member from invision mentioned its already built in , in the 4.2 licence. 

So i am guessing / assuming they mean this part what @Steph40 posted here  

am i right @Rhett  ?

[MeMaBlue]

and, when trying to enable it ,  this window opens up, 

and I am not sure what it will mean for my server, and how i can estimate beforehand if that would be something i need to avoid or not

(server load? size/traffic load?) if i have a forum that contains millions of posts, and dates 12 years now. 

Is there a way to find out the exact number of these image embeds that will need local server loading?  

[capei]

Been running SSL for a few years now. I just made a rewrite rule on the web server itself to rewrite the protocol to HTTPS if it is not used. You can do it with mod_rewrite with Apache, or URL Rewrite with IIS.

[GriefCode]

On 13.2.2018 at 5:14 PM, MeMaBlue said:

and, when trying to enable it ,  this window opens up, 

and I am not sure what it will mean for my server, and how i can estimate beforehand if that would be something i need to avoid or not

(server load? size/traffic load?) if i have a forum that contains millions of posts, and dates 12 years now. 

Is there a way to find out the exact number of these image embeds that will need local server loading?  

I would personally suggest you to use the cloud flare solution in first hand. This is a more secure option, as you do not need to change anything on your local server.
Cloud flare is a CDN, it does store a lot data securely world wide on their server to deliver faster any content to an end user. That does mean, yes it does affect your traffic and load on your server with a positive affect.
Lowering load times is pushing your google rank - delivering the images or other files from a CDN does lower your load on the server. I have a rather small sized website compared what you got and it does save me already 10% of my load, taken from their traffic stats. Additionally, it does come with (d)Dos web protections and some other further cool features.

I have a zero-filled config, that does mean, aside adding the website over cloud flare, I have done no adjustments (except some HSTS settings) and still got all the savings, I know that you can save a lot more load on your server with other configs, but they are not required for me as my website is too small that it is worth to spent time into it.

If you still want to proceed the image proxy solution, I recommend you to setup a migration system and firstly test the plugin for being a lot more secure in the end that you will not kill anything.

If you have any questions regarding cloud flare, you may wanna lookup the following topic, it does sum up the main points for using cloud flare.

Just my 2 cents, as I have not seen any clear information/answeres regarding your questions.

Greetings

[ASTRAPI]

Using Cloudflare you can redirect all requests to https with one click but is is also easy to do with a simple Nginx rule :-)

[beeurd]

If you have a lot of old posts with http images, you can use the below script in your .htacess file to "upgrade" the old links to act as if they were https links. Any external images on domains that don't support https will fail to display, so you won't get a mixed content error that breaks your SSL.

<IfModule mod_headers.c>
  Header set Content-Security-Policy "upgrade-insecure-requests" env=HTTPS
</IfModule>

 

[opentype]

3 hours ago, beeurd said:

If you have a lot of old posts with http images, you can use the below script in your .htacess file to "upgrade" the old links to act as if they were https links.

Or just upgrade the image URLs through IPS’ image caching. Converting existing content was added recently. 

[beeurd]

12 hours ago, opentype said:

Or just upgrade the image URLs through IPS’ image caching. Converting existing content was added recently. 

That's good to know, I must have missed that update! ?

[dragonfly411]

On 3/20/2018 at 6:19 AM, opentype said:

Or just upgrade the image URLs through IPS’ image caching. Converting existing content was added recently. 

@opentype Is that an automatic process or where can I find this please?

[Sovereign Grace Singles]

On 1/22/2017 at 2:48 AM, NoGi said:

Looking at whether it's worth the hassle to install and use SSL on my community. I am on CentOS 7 with PHP 7 and IPS 4.1.17. I will be looking at using Shopify as well

No hassle really if you want to run Cloudflare CDN. With one click you can enable the option for a free "universal" Cloudflare SSL. Dedicated are available also:

https://blog.cloudflare.com/introducing-universal-ssl/

[GriefCode]

On 8/18/2018 at 12:48 AM, Christforums said:

No hassle really if you want to run Cloudflare CDN. With one click you can enable the option for a free "universal" Cloudflare SSL. Dedicated are available also:

https://blog.cloudflare.com/introducing-universal-ssl/

Please do not forget that this is not a full encryption.

Yes, you do have a SSL certificate, but only from the user agent to the cloudflare servers.
The communication from the cloudflare servers to your servers are unencrypted, unless you have FULL SSL active as option and have an active SSL certificate on your servers.

[Platinumwealth.co.za]

Let's encrypt or cloudflare both are free. 

 

There is no excuse to run a http site anymore. 

[jcdesign]

2 hours ago, Platinumwealth.co.za said:

Let's encrypt or cloudflare both are free. 

If you are on a newer WHM/cPanel there is a free Comodo auto SSL also.