Community

SSL Question.

General Discussion
  • A
    A
    #1

    Is there anything specific that needs to go into nginx or the config if I wanted to go 100% SSL? Or is it just a case of redirecting all http to https?

    I've turned on this universalSSL from cloudflare, but https:// doesn't work on my domain yet, so will wait a bit longer, I'm pretty sure I need a signed certificate still, but one step at a time.

    0
  • fuzzmzF
    fuzzmzF
    #2

    From what I know, the whole point of the Universal SSL from Cloudflare is that you don't need your own certificate. It just takes a while to activate that option on an account.

    Not sure how it works with nginx, but with my own certificate I just had to configure nginx to use my cert, then redirect all links to https and preferably re-run the setup so you set the forum url starting with https.

    0
  • P
    P
    #3

    Does universal SSL cause mixed content problems with browser?

    A 1 Reply
    0
  • A
    A
    #4

    @peter If you have mixed content in your browser, then yes. But that's something that will be addressed as they're spotted. (Using http:// instead of https:// in embedding plugins etc)

    1
  • ?
    ?
    #5

    I'll send you a chat about this and see where you're at.

    0
  • julianJ
    julianJ
    GNU/Linux
    #6

    I believe the goals of the Universal SSL was to have zero configuration from your server.

    Simply put, turn it on, and you'll be able to access your site from https://yoursite.com

    What's the error you're seeing?

    A 1 Reply
    0
  • A
    A
    #7

    @julian said:

    At the minute, Firefox is unable to connect. However Cloudflare is still initializing the SSL. So it's probably just a matter of playing the waiting game, I wasn't sure if I needed a certificate on the server or anything like that or specific nginx configs, if it's just a case of changing http:// to https:// when it's up, I should be alright. 😆 I've been practicing my nano techniques.

    0
  • fuzzmzF
    fuzzmzF
    #8

    Just as a general rant, I don't really like the Universal SSL idea. The whole point of SSL is that each site in particular can be trusted (or not); with U-SSL, in theory, if you manage to spoof a certificate then you can spoof any site using universal SSL.

    0
  • julianJ
    julianJ
    GNU/Linux
    #9

    Me neither. Typical SSL key allows two parties to share information, the client and the server. Cloudflare's Universal SSL ups that to three, with CF acting as the middleman.

    0

Suggested Topics

  • S

    SSO questions

    General Discussion
    0 Votes
    3 Posts
    470 Views

    S

    If needed, is there a way to convert SSO accounts to local ones? Obviously they would require a password reset.

  • modiM

    Important questions from oldschool xenforo user

    General Discussion
    0 Votes
    5 Posts
    1951 Views

    ?

    Hey there. Basically I have a forum around the same size as yours. I moved from myBB to NodeBB.

    I am using NodeBB since almost a year now.

    Security isn't an issue. There have been some XSS vulnerabilities here and there, but these have been patched within a few hours.

    Updating NodeBB is easy as well, you just run git pull, stop your forum, run ./nodebb upgrade and then start it again. No need to restart NodeJS or Redis/Mongo.

    Setting up a system running PHP and NodeJS is fairly simple. Maybe take a look at my tutorial "High performance stack".

    Moving NodeBB is pretty simple too. Just copy all the files to your new machine and run ./nodebb start. Thats it (assuming you have your stack installed of course).

    NodeBB automatically chooses the right language for your user. At least my members got their mother language. Alternatively the users can set the language in their profile settings.

    My forum is using a Redis database. It takes around 500-700MB RAM, not a big deal for me, but depends on your server of course.

    To contribute to the NodeBB translations you can check Transifex and participate.

    If you want I can help you doing the movement. Feel free to drop me a message.

  • charlesC

    How To Add SSL For Subdomain?

    General Discussion
    0 Votes
    6 Posts
    6179 Views

    julianJ

    @charles Let's Encrypt can't access the challenge directory because you don't have an nginx configuration for it.

    You'll need to add this inside the server block:

    location /.well-known/acme-challenge { root /var/www/example/public_html; }
  • CarlC

    Looks great!! A few questions

    General Discussion
    0 Votes
    20 Posts
    3778 Views

    julianJ

    @Kamal-Patel @a_5mith Should be fixed in latest code (and backported to v0.4.2)

  • K

    Quick question on Email setup..

    General Discussion
    0 Votes
    5 Posts
    1774 Views

    S

    Mailgun allows 10000 emails before it charges you.

| | | |
Copyright © 2023 NodeBB | Contributors