Could Spam Gourmet and assoc BBS auto redirect to https?

Discussion re sg development. You don't have to be a developer.

Could Spam Gourmet and assoc BBS auto redirect to https?

Postby tonybrown100 » Sun Apr 02, 2017 7:41 am

This is easy to configure and would prevent passwords being transmitted in plain text?

Is this a server CPU resource issue?

Thanks for a great service!

Tony.
tonybrown100
 
Posts: 1
Joined: Sun Apr 02, 2017 7:38 am

Re: Could Spam Gourmet and assoc BBS auto redirect to https?

Postby josh » Sat Apr 15, 2017 2:41 pm

the spamgourmet site does direct the login form to https - I'm not sure this is as good as immediately redirecting to https, but yes, it is a server resource issue.

The bbs is on a completely separate service. I'll look into implementing SSL on it.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Re: Could Spam Gourmet and assoc BBS auto redirect to https?

Postby Josh Parris » Thu Apr 20, 2017 12:25 pm

I've used LetsEncrypt, and found the process painless.

Code: Select all
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
sudo certbot --apache

Once installed, you can check the world's a happy place:
Code: Select all
certbot renew

And if so, set things up so that your 90-day certificate is renewed monthly (change [slash] for /):
Code: Select all
echo '@monthly root /usr/bin[slash]certbot renew >> /var/log/letsencrypt/letsencrypt-auto-update.log' | sudo tee --append /etc[slash]crontab

Done. Then alter your sites-available file to include the optional redirect HTTP to HTTPS and the mandatory location of the SSL certificates:
Code: Select all
<VirtualHost *:80>
....
# Only allow HTTPS
RewriteEngine on
RewriteCond %{SERVER_NAME} =bbs.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
...
SSLCertificateFile /etc/letsencrypt/live/bbs.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bbs.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>


PS: did you know, I can't save drafts or submit here because of a 403 Forbidden error, when there's a slash before a c within a BBCode Code block? How random is that?
Josh Parris
 
Posts: 8
Joined: Tue Apr 18, 2017 7:09 am
Location: Melbourne, Australia

Re: Could Spam Gourmet and assoc BBS auto redirect to https?

Postby josh » Sat Apr 22, 2017 12:15 am

now both the bbs and the main site redirect to https
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm


Return to Developers

Who is online

Users browsing this forum: No registered users and 20 guests

cron