Page 1 of 1

Could Spam Gourmet and assoc BBS auto redirect to https?

PostPosted: Sun Apr 02, 2017 7:41 am
by tonybrown100
This is easy to configure and would prevent passwords being transmitted in plain text?

Is this a server CPU resource issue?

Thanks for a great service!

Tony.

Re: Could Spam Gourmet and assoc BBS auto redirect to https?

PostPosted: Sat Apr 15, 2017 2:41 pm
by josh
the spamgourmet site does direct the login form to https - I'm not sure this is as good as immediately redirecting to https, but yes, it is a server resource issue.

The bbs is on a completely separate service. I'll look into implementing SSL on it.

Re: Could Spam Gourmet and assoc BBS auto redirect to https?

PostPosted: Thu Apr 20, 2017 12:25 pm
by Josh Parris
I've used LetsEncrypt, and found the process painless.

Code: Select all
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
sudo certbot --apache

Once installed, you can check the world's a happy place:
Code: Select all
certbot renew

And if so, set things up so that your 90-day certificate is renewed monthly (change [slash] for /):
Code: Select all
echo '@monthly root /usr/bin[slash]certbot renew >> /var/log/letsencrypt/letsencrypt-auto-update.log' | sudo tee --append /etc[slash]crontab

Done. Then alter your sites-available file to include the optional redirect HTTP to HTTPS and the mandatory location of the SSL certificates:
Code: Select all
<VirtualHost *:80>
....
# Only allow HTTPS
RewriteEngine on
RewriteCond %{SERVER_NAME} =bbs.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
...
SSLCertificateFile /etc/letsencrypt/live/bbs.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bbs.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>


PS: did you know, I can't save drafts or submit here because of a 403 Forbidden error, when there's a slash before a c within a BBCode Code block? How random is that?

Re: Could Spam Gourmet and assoc BBS auto redirect to https?

PostPosted: Sat Apr 22, 2017 12:15 am
by josh
now both the bbs and the main site redirect to https