INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Forums SSL/HTTPS support testing  (Read 8101 times)

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Forums SSL/HTTPS support testing
« on: May 09, 2017, 07:56:50 am »

I didn't know where to post this, so I'll post it here for now.

For the fun of it, I've been testing this morning using the forums with its HTTPS address. For the most part, it's actually working pretty good, but I do notice a couple issues...

1. I can't set a HTTPS link for my avatar. I try to change my avatar's URL address from http://i.imgur.com/7u4jHqt.png to https://i.imgur.com/7u4jHqt.png (which is a valid link) causes the forum to reset to using no avatar at all. Reverting back to the HTTP link works. This is a known issue with SMF, which can be worked around: https://www.simplemachines.org/community/index.php?topic=551556.0 and http://www.simplemachines.org/community/index.php?topic=541642.0

2. The mixed content warnings. This is the big one, but it can be worked around as well. For SMF 2.0 an image proxy can be used. Or you guys can wait for SMF 2.1, which will support this built-in (when this is released as stable, is anyone's guess).

If those two issues are worked around, you can actually force enable HTTPS as the default for the forums.

The main site? IMO, I've done some testing there and everything looks good. You guys *could* force enable HTTPS on the main site already!
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #1 on: May 09, 2017, 02:19:07 pm »

I didn't know where to post this, so I'll post it here for now.

For the fun of it, I've been testing this morning using the forums with its HTTPS address. For the most part, it's actually working pretty good, but I do notice a couple issues...

1. I can't set a HTTPS link for my avatar. I try to change my avatar's URL address from http://i.imgur.com/7u4jHqt.png to https://i.imgur.com/7u4jHqt.png (which is a valid link) causes the forum to reset to using no avatar at all. Reverting back to the HTTP link works. This is a known issue with SMF, which can be worked around: https://www.simplemachines.org/community/index.php?topic=551556.0 and http://www.simplemachines.org/community/index.php?topic=541642.0

2. The mixed content warnings. This is the big one, but it can be worked around as well. For SMF 2.0 an image proxy can be used. Or you guys can wait for SMF 2.1, which will support this built-in (when this is released as stable, is anyone's guess).

If those two issues are worked around, you can actually force enable HTTPS as the default for the forums.

The main site? IMO, I've done some testing there and everything looks good. You guys *could* force enable HTTPS on the main site already!
Thanks for testing it. I'll probably do this soon. I noticed the mixed content stuff from the avatars, the image proxy seems like a reasonable solution.
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Re: Forums SSL/HTTPS support testing
« Reply #2 on: May 09, 2017, 03:09:32 pm »

Another 'issue" I've noticed in Mozilla Firefox and Microsoft Edge (Google Chrome and Vivaldi is fine) is when I changed my bookmarks to the front page and the forums to HTTPS, it changed the favicons to a more brighter/vibrant version of the MC logo. It's strange, as for a while now I've noticed the favicons would randomly change in both of those browsers, but would revert back to the 'normal' favicon (which it didn't after changing the links to HTTPS). Hopefully there isn't two clashing favicons there.

Normal (Chrome, Vivaldi):



Strange (Firefox, Edge):



Basically they're inconsistent, when they should be consistent (in my opinion). It only affects the favicons for bookmarks, not the favicon in the tab (which appears normal).

Strange, huh?
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

glynor

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 19608
Re: Forums SSL/HTTPS support testing
« Reply #3 on: May 09, 2017, 10:08:16 pm »

For the record, I've been using HTTPS on Interact for more than a year. No substantial issues other than the mixed content issue (which Firefox doesn't make too much noise about so I ignore it).
Logged
"Some cultures are defined by their relationship to cheese."

Visit me on the Interweb Thingie: http://glynor.com/

Hendrik

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 10935
Re: Forums SSL/HTTPS support testing
« Reply #4 on: May 10, 2017, 03:32:23 am »

I switched all my bookmarks to HTTPS a while ago as well, and as glynor the only issue that comes up is mixed content occasionally - and Chrome also doesn't make much noise about that, other then forgoing the green lock in the address bar.
Logged
~ nevcairiel
~ Author of LAV Filters

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #5 on: June 09, 2017, 09:06:03 am »

I'm going to be working on changing the forum today to redirect to https and fix those issues so there may be some interruptions.
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Re: Forums SSL/HTTPS support testing
« Reply #6 on: June 09, 2017, 09:27:27 am »

Best of luck!

Are you going to mod SMF to allow HTTPS links for avatars? That'd certainly would help a lot.
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #7 on: June 09, 2017, 09:43:13 am »

Best of luck!

Are you going to mod SMF to allow HTTPS links for avatars? That'd certainly would help a lot.
Yes.
I've now forced it to https with a permanent redirect.
Next are the avatars.
Logged

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #8 on: June 09, 2017, 10:14:22 am »

Yes.
I've now forced it to https with a permanent redirect.
Next are the avatars.
Ok, the avatars seem to work. My baseball one is loading offsite from a https now.
Logged

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #9 on: June 09, 2017, 10:25:55 am »

Ok, the avatars seem to work. My baseball one is loading offsite from a https now.
Though there seems to be a bug in the theme code somewhere.
When I use the avatars from the forum, they appear in the header by the "Show unread posts..." etc.
When I use an offsite one, the header avatar goes away.
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Re: Forums SSL/HTTPS support testing
« Reply #10 on: June 09, 2017, 11:23:01 am »

Yep, confirmed. For example when trying to view my broken avatar, the link goes to https://yabb.jriver.com/interact/YaBBImages/avatars/https://i.imgur.com/7u4jHqt.png which doesn't exist (and is two URLs mixed). :P

Is there going to be an image proxy? That *should* get around images being served from only HTTP.
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #11 on: June 09, 2017, 11:56:10 am »

Yep, confirmed. For example when trying to view my broken avatar, the link goes to https://yabb.jriver.com/interact/YaBBImages/avatars/https://i.imgur.com/7u4jHqt.png which doesn't exist (and is two URLs mixed). :P

Is there going to be an image proxy? That *should* get around images being served from only HTTP.
Yes, the image proxy is the next step however the bug you mentioned above should be fixable without that.
The avatar shows up fine in the message threads, it's only in the header that it's broken and that is a bug for all external URL's as far as I can see, not just the https ones.
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Re: Forums SSL/HTTPS support testing
« Reply #12 on: June 09, 2017, 03:19:04 pm »

Just found out SMF 2.0.14 was released a couple weeks ago and it supports image proxy and HTTPS avatars! https://www.simplemachines.org/community/index.php?topic=553855.0 - I'd revert the 2.0.13 changes to support HTTPS avatars (since it *could* break upgrading) and try the upgrade and image proxy + HTTPS avatars. :D

That *should* hopefully address it once and for all. :)
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #13 on: June 09, 2017, 04:04:02 pm »

Just found out SMF 2.0.14 was released a couple weeks ago and it supports image proxy and HTTPS avatars! https://www.simplemachines.org/community/index.php?topic=553855.0 - I'd revert the 2.0.13 changes to support HTTPS avatars (since it *could* break upgrading) and try the upgrade and image proxy + HTTPS avatars. :D

That *should* hopefully address it once and for all. :)
Yes, I just tested it on our other forum and it seems to work fine.
Will back out the changes and upgrade this one...
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Re: Forums SSL/HTTPS support testing
« Reply #14 on: June 09, 2017, 04:04:54 pm »

Good luck! :D
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #15 on: June 09, 2017, 04:12:26 pm »

Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Re: Forums SSL/HTTPS support testing
« Reply #16 on: June 09, 2017, 04:13:51 pm »

Yep, the avatar works good now (and the avatar next to unread posts too, YAY!). Is the image proxy enabled? Still getting a mixed content warning here. Also there's a little something about it here: https://www.simplemachines.org/community/index.php?topic=553863.0

Excellent work, as always!
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #17 on: June 09, 2017, 04:20:51 pm »

Yep, the avatar works good now (and the avatar next to unread posts too, YAY!). Is the image proxy enabled? Still getting a mixed content warning here. Also there's a little something about it here: https://www.simplemachines.org/community/index.php?topic=553863.0

Excellent work, as always!
Just enabled the proxy.
Thanks!
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Re: Forums SSL/HTTPS support testing
« Reply #18 on: June 09, 2017, 04:22:24 pm »

Working great now.

Welcome to the HTTPS/TLS train, everyone! ;)

You guys can probably announce this somewhere since many would consider it a big deal.
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #19 on: June 09, 2017, 04:24:44 pm »

 :) :) :) :)
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Re: Forums SSL/HTTPS support testing
« Reply #20 on: June 09, 2017, 04:28:38 pm »

Just checked all the links on the main site (including the Wiki) and looks like everything is using HTTPS now.

Does the http://files.jriver.com/ subdomain redirect to HTTPS for downloads? Might need to edit/change links to reflect HTTPS (and make sure MC itself can download updates from HTTPS). If it doesn't redirect, it might be good to jump to using HTTPS for downloads/updates in MC23.

But yeah, looks like everything is covered too. SMF's image proxy looks like it's fully working without issue too. :D
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

Hendrik

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 10935
Re: Forums SSL/HTTPS support testing
« Reply #21 on: June 09, 2017, 07:16:12 pm »

Files are hosted on Amazon, a bit more involved to get a correct https setup going for that. :)
Logged
~ nevcairiel
~ Author of LAV Filters

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #22 on: June 12, 2017, 09:11:59 am »

The update broken login (no problem if you never logout!).
It's fixed now.
Logged

Hendrik

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 10935
Re: Forums SSL/HTTPS support testing
« Reply #23 on: June 15, 2017, 04:48:13 am »

Someone is having trouble with his avatar:
https://yabb.jriver.com/interact/index.php/topic,111021.0.html
Logged
~ nevcairiel
~ Author of LAV Filters

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Re: Forums SSL/HTTPS support testing
« Reply #24 on: June 15, 2017, 04:53:55 am »

If he still has the source image, I can do some experimenting - I didn't test any GIFs though, but it *should* work if they're uploaded to a image sharing service like Imgur. I'll test it here in a second.

EDIT: GIFs work fine.

I guess I could write up a quick avatar tutorial if it's needed.
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

marko

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 9139
Re: Forums SSL/HTTPS support testing
« Reply #25 on: June 15, 2017, 07:12:10 am »

I think I managed to sort mine this morning. See glynor's has gone awol too...

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Re: Forums SSL/HTTPS support testing
« Reply #26 on: June 15, 2017, 07:32:36 am »

Ah, you're right. Looks like the image proxy isn't working right now with a ERR_EMPTY_RESPONSE error.

Paging Bob! :P
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones

rudyrednose

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 344
  • nothing more to say...
Re: Forums SSL/HTTPS support testing
« Reply #27 on: June 15, 2017, 10:40:39 am »

Thank you Bob, and everyone who pitched in...
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re: Forums SSL/HTTPS support testing
« Reply #28 on: June 15, 2017, 10:59:48 am »

Thank you Bob, and everyone who pitched in...
There's more security news here:
https://yabb.jriver.com/interact/index.php/topic,110982.0.html
Logged

bob

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 13871
Re: Forums SSL/HTTPS support testing
« Reply #29 on: June 15, 2017, 03:32:51 pm »

Ah, you're right. Looks like the image proxy isn't working right now with a ERR_EMPTY_RESPONSE error.

Paging Bob! :P
Ok, it's good now.
Thanks for the report.
Logged

Awesome Donkey

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 7804
  • Autumn shade...
Re: Forums SSL/HTTPS support testing
« Reply #30 on: June 15, 2017, 03:59:50 pm »

Confirmed, fixed!
Logged
I don't work for JRiver... I help keep the forums safe from "male enhancements" and other sources of sketchy pharmaceuticals.

Windows 11 24H2 Update 64-bit + Ubuntu 24.10 Oracular Oriole 64-bit | Windows 11 24H2 Update 64-bit (Intel N305 Fanless NUC 16GB RAM/500GB M.2 NVMe SSD)
JRiver Media Center 33 (Windows + Linux) | iFi ZEN DAC 3 | JBL 306P MkII Studio Monitors | Audio-Technica ATH-M50x Headphones
Pages: [1]   Go Up