www.tbgclan.com SSL

proxygamer

proxygamer

BANNED
BANNED
Joined
Jul 5, 2016
Messages
89
More and more sites have SSL setup, how come tbgclan.com doesn't have it? I know Xenforo is secure, but https is going to be the standard these days :3 Can you get an SSL cert for the website?
 
bot102 said:
@Matt(FAST) @RainMotorsports
Click to expand...
thenamesgart said:
Why would they need an SSL for. Its not needed for their site.
Click to expand...

We have discussed it before. We don't currently run the server the site is on and I kind of want to return it to one of my servers. That way we can take advantage of a faster platform while offering HTTP/2 which REQUIRES SSL which we can get for free these days thanks to LetsEncrypt.org.

Do we need it? Well given the non confidential nature of most of our communications and the fact that paypal on the back end DOES go through a TLS encryption setup I wouldn't worry about it. However logins do get transmitted in the open. If you use a seperate password for this site and use 2factor auth for login you won't have to worry about hijacked credentials allowing a takeover, etc.

Do I think we are in a rush for it? If the founders and or head admins give me the go ahead and they rent the VPS that I reccomend I would be able to get it going within an hour. Do the DNS transfer at night when people are sleeping. We ran a VPS for 6 months straight before the forum's cron system started slamming the server. We went back to shared hosting until the issue was figured out. Never went back.

While Xenforo offers an image proxy to allow embedded images from non http/s sources to be fed through our encryption many other embeds wont. Not sure if twitch has changed yet but thats the biggest one from the past. Embeds from non encrypted sources show a scary little warning in some browsers.
 
SSL is free if you go with https://letsencrypt.org, which tons of people are using now.

What benefits could it possibly have? The only real benefit I can see is that it would remove the ability for cookie hijacking and stuff when on public/shared connections. I mean, that kinda stuff never really happens to anyone... but if it's free, then there's no reason to not use it.

We use it over at AkbarHou.se and it works fine. We used to pay for it but LetsEncrypt works just as good... assuming you aren't hosting a mail server. SSL certs for web servers is free, but SSL for e-mail is not. But most people aren't hosting their own email, instead opting to use GMail and stuff.

Setup is pretty easy, you basically copy/paste some commands from LetsEncrypt to your server and it sets up and installs a certificate for you. Then it's a matter of telling your forum/portal software that you have HTTPS and it'll start using the https:// prefix instead of http:// among other things. That step is just a couple clicks in the Setup section though.
 
I read it, it's just sometimes sharing one's own experience does it more justice than simply hitting the "Like" button.

I saw an article the other day where LetsEncrypt could possibly be the #1 cert provider, but given its free nature that number might be skewed since poeple may use it for testing purposes and not live sites. Either way though, it's a trusted CA with tons of support. Assuming the site is hosted on a VPS and not one of those shared hosting plans, there's 0 reason not to use it.
 
AkH Prevent [Alt] said:
I read it, it's just sometimes sharing one's own experience does it more justice than simply hitting the "Like" button.

I saw an article the other day where LetsEncrypt could possibly be the #1 cert provider, but given its free nature that number might be skewed since poeple may use it for testing purposes and not live sites. Either way though, it's a trusted CA with tons of support. Assuming the site is hosted on a VPS and not one of those shared hosting plans, there's 0 reason not to use it.
Click to expand...


Current setup is a shared apache host. I personally run NGINX VPS's.
 
You must log in or register to reply here.
Back
Top