Enabling HTTPS ?

[warriorcookie]

Quote:

Originally Posted by Myka

Very interesting warriorcookie! I use the same username and email address on each forum I use, though I have a different password on each forum, and the email I use is not my main email, and doesn't share a password with anything else. Am I doing it "right"? I like this idea of a password manager, I'll have to look into it.

Yup, that's the way I do it. Keep the info you enter in your profile limited and use a different password for everything. Repeating the email or username is fine.

There's lots of password managers out there. You need to make sure whichever you go with is secure. If it becomes compromised then they have everything. After looking into several, Lastpass was the one I settled on.

[SoloSK71]

Wow, I can't believe the contrast in staff response between here and Reef Central to my question. Myka and Titus, you guys have gained a ton of respect in my books.

Charles

[Samw]

oh interesting. I didn't realize Canreef had been running this long without HTTPS enabled.

Without HTTPS, our login ids and passwords and everything else are sent to the webserver in plain text for anyone between the network endpoints to read with a packet sniffer. Of course, the users most at risk are the ones that use the same id/email and passwords on other websites. That's how many people get hacked.

There are free certificates now such as letsencrypt. I haven't personally used them myself but it looks popular.

Taking a quick scan at some aquarium forums, reef2reef, reefcentral, bcaquaria, plantedtank, etc are all using HTTPS.

[titus]

Hello

The plan is to migrate to Discourse and a lot of code was written to automate generation and rotation using Let's Encrypt, and no I'm not using certbot but written our own custom one. The UAT version was deployed on https://uat.canreef.com. You can see the cert expired on 20 Nov 2022. That's not the issue but the following.

My original plan was to have the following:
https://www.canreef.com/discussion for the discussion forums
https://www.canreef.com/<other stuff> for other stuff

And so I setup an NGINX reverse proxy to do this but there were some issues with Discuss supporting this. That was back in Oct and then I ran into a rabbit hole and then stopped.

I could have gone with the following:
https://www.canreef.com for discussion forum
https://other.canreef.com for other stuff

However doing it this way means we need different DNS alias entries for each incremental feature I want to add. It is not insurmountable as I setup our own DNS server with code as well but it's extra step and I really didn't like the idea of how the DNS look.

Given how far we have gotten I'd rather just finish the work proper.

Titus