How about some HTTPS?

Please post feature requests, modifications, error reports and suggestions to improve the forum
paradoxbox
Posts: 261
Joined: Wed Sep 30, 2015 11:52 pm
Has thanked: 106 times
Been thanked: 332 times

How about some HTTPS?

Post by paradoxbox »

Any chance of turning this site into HTTPS?

User avatar
Zasso Nouka
Tech Support
Tech Support
Posts: 3092
Joined: Wed Sep 23, 2015 9:37 am
Location: Chiba Prefecture
Has thanked: 2371 times
Been thanked: 1810 times

Re: How about some HTTPS?

Post by Zasso Nouka »

Wouldn't we need to buy a certificate ?

Mind you looks like we might be able to do something for free with Let's Encrypt. Anyone else have any thoughts on the matter ?

User avatar
gonbechan
Founder
Founder
Posts: 1489
Joined: Wed Sep 23, 2015 9:10 am
Has thanked: 1532 times
Been thanked: 860 times

Re: How about some HTTPS?

Post by gonbechan »

I bow to your superior wotsit.

User avatar
Zasso Nouka
Tech Support
Tech Support
Posts: 3092
Joined: Wed Sep 23, 2015 9:37 am
Location: Chiba Prefecture
Has thanked: 2371 times
Been thanked: 1810 times

Re: How about some HTTPS?

Post by Zasso Nouka »

I'll add it to the list, is anyone in a desperate hurry for this ?

paradoxbox
Posts: 261
Joined: Wed Sep 30, 2015 11:52 pm
Has thanked: 106 times
Been thanked: 332 times

Re: How about some HTTPS?

Post by paradoxbox »

Not particularly urgent. Just seems like a good thing to keep with the times. A lot of sites are going full HTTPS to avoid sending passwords and usernames in cleartext which can basically just be grabbed out of the air by anybody with the knowledge to do it if you're on a public wifi network (i.e. starbucks, mac etc).

User avatar
Zasso Nouka
Tech Support
Tech Support
Posts: 3092
Joined: Wed Sep 23, 2015 9:37 am
Location: Chiba Prefecture
Has thanked: 2371 times
Been thanked: 1810 times

Re: How about some HTTPS?

Post by Zasso Nouka »

I need to upgrade the board software first but currently it won't complete the installation so that is holding things up, once I've got that done can then look into getting https running.

sigismund
Posts: 7
Joined: Wed Sep 07, 2016 2:54 pm
Has thanked: 4 times
Been thanked: 9 times

Re: How about some HTTPS?

Post by sigismund »

When I tried to log-in yesterday I kept getting a warning that the site was not secure. Once I entered "https" manually it fixed the issue. Its odd though because I used the HTTPS Everywhere extension. It makes me wonder if manually entering https even makes a real difference. I wasn't going to bring this up, but since there is already I thread I figure I should say something.

It's not like this is a very large community and I don't store any important information here so it's not a huge deal to me. However others may not be so comfortable could be scared away from joining.

User avatar
Zasso Nouka
Tech Support
Tech Support
Posts: 3092
Joined: Wed Sep 23, 2015 9:37 am
Location: Chiba Prefecture
Has thanked: 2371 times
Been thanked: 1810 times

Re: How about some HTTPS?

Post by Zasso Nouka »

sigismund wrote:When I tried to log-in yesterday I kept getting a warning that the site was not secure. Once I entered "https" manually it fixed the issue. Its odd though because I used the HTTPS Everywhere extension. It makes me wonder if manually entering https even makes a real difference.
An interesting observation, thank you for bringing this up. Just tried it myself and yes if you manually enter 'https' you do indeed get a secure connection so it looks like we already have the capability without realising it. Thank you for trying and letting us know Sigismund. I've just tried bookmarking https://www.japansimplelife.com and that gives you the secure connection so maybe a work around, until I get my lazy ass in gear, folk can bookmark JSL when using a secure connection.

Upon further examination it looks like the ssl certificate is provided by Cloudflare as we route our traffic through there to deal with someone that was DDOS'ing the forum in it's early days and still tries to take us offline from time to time.

User avatar
Zasso Nouka
Tech Support
Tech Support
Posts: 3092
Joined: Wed Sep 23, 2015 9:37 am
Location: Chiba Prefecture
Has thanked: 2371 times
Been thanked: 1810 times

Re: How about some HTTPS?

Post by Zasso Nouka »

I've just changed CloudFlare to always use https so hopefully from now on everyone's connection will be a secure one even if you haven't specifically chosen a secure connection. Would folk mind testing this out and seeing if their connections are secure or not and letting me know in this thread.

Thanks

sigismund
Posts: 7
Joined: Wed Sep 07, 2016 2:54 pm
Has thanked: 4 times
Been thanked: 9 times

Re: How about some HTTPS?

Post by sigismund »

Zasso Nouka wrote:Thank you for trying and letting us know Sigismund.
I'm glad I was able to contribute something helpful. Especially considering how great a resource JSL is for me.
Zasso Nouka wrote:Upon further examination it looks like the ssl certificate is provided by Cloudflare as we route our traffic through there to deal with someone that was DDOS'ing the forum in it's early days and still tries to take us offline from time to time.
How odd that someone would want to take this site down. DDOS'ing takes forever if only a single person is trying to do it and if successful it is only a temporary inconvenience.

The change in CloudFlare seems to be working. I used a separate browser with no extensions and it came up Https.