|
Joined: May 2008
Posts: 753 Likes: 1
Old Hand
|
Old Hand
Joined: May 2008
Posts: 753 Likes: 1 |
I have recently received emails from people on my site concerned about chrome and FF big bad warning about security.. I got a free SSL cert from my free cloudflare.com account, I spent a few days cleaning up links and problem solved. My forum has a large number of links to other threads within the forum. Would those all need to be modified to use "https", or would creating the the .htaccess code redirect take care of that? You need to update the links, htaccess only affects your domain name
"No matter where you go, there you are." "If you can't do something smart, Do something right" "There are three kinds of people in the world, those who can count, and those who can't"
|
|
|
|
Joined: May 2008
Posts: 753 Likes: 1
Old Hand
|
Old Hand
Joined: May 2008
Posts: 753 Likes: 1 |
Guys,
I appreciate the responses I've gotten to my posts in this thread. Maybe I'm being dense, but it seems like you've been missing my questions and giving me answers to things I didn't ask.
I give up... Just enable ssl and see for yourself. There are no pop-ups or anything.. People will stop getting the unsecured warnings they are getting now.
"No matter where you go, there you are." "If you can't do something smart, Do something right" "There are three kinds of people in the world, those who can count, and those who can't"
|
|
|
|
Joined: May 2008
Posts: 753 Likes: 1
Old Hand
|
Old Hand
Joined: May 2008
Posts: 753 Likes: 1 |
And if you're on CloudFlare, the following page rule will redirect all of your traffic to use SSL: Match: example.com/* Forwarding URL 301 Redirect Destination: https://www.example.com/$1 I assume this is in the cliudflare rules? I have yet to use that feature
"No matter where you go, there you are." "If you can't do something smart, Do something right" "There are three kinds of people in the world, those who can count, and those who can't"
|
|
|
|
Joined: Jun 2006
Posts: 16,365 Likes: 126
|
Joined: Jun 2006
Posts: 16,365 Likes: 126 |
I assume this is in the cliudflare rules? I have yet to use that feature Yup, the rules do processing before the request to your server, so your server won't have to do as much. I have my no-WWW -> WWW and my Non-Secure -> Secure processing
|
|
|
|
Joined: May 2008
Posts: 753 Likes: 1
Old Hand
|
Old Hand
Joined: May 2008
Posts: 753 Likes: 1 |
when I try to add the 301 rule, either via htaccess or cloudflare, it seems to break my site, I get an error about to many redirects. (even with htaccess completely removed)
Last edited by Bad Frog; 03/23/2017 9:00 PM.
"No matter where you go, there you are." "If you can't do something smart, Do something right" "There are three kinds of people in the world, those who can count, and those who can't"
|
|
|
|
Joined: May 2006
Posts: 243 Likes: 1
Enthusiast
|
Enthusiast
Joined: May 2006
Posts: 243 Likes: 1 |
Say... Is there a UBB.t forum around that is already running under https, where I can join and try some experimental posting?
|
|
|
|
Joined: Jun 2006
Posts: 16,365 Likes: 126
|
Joined: Jun 2006
Posts: 16,365 Likes: 126 |
|
|
|
|
Joined: Apr 2004
Posts: 1,973 Likes: 154
|
Joined: Apr 2004
Posts: 1,973 Likes: 154 |
Both Gizmo and I have https setup on a few of our forums for quite some time. Gizmo is running one of his forums through cloudflair's https system (as posted above) and I am running one of mine through a cert installed on my server. One of Gizmo's forums: https://www.agardenersforum.com/forum/One of mine: https://www.celicahobby.com/Beware though, these are live forums, so if you are posting off topic random things to either of the forums, one of the mods may delete the posts or take action on your account
|
|
|
|
Joined: May 2006
Posts: 243 Likes: 1
Enthusiast
|
Enthusiast
Joined: May 2006
Posts: 243 Likes: 1 |
Thanks for the links. So I took a peek. Sure is hard to find any people posting a link to another thread, so I gave that up. But I did to this: With any links within the forums, I see they start with "https". I copy the link, move to a different browser tab, paste the link, but take the s out of https. Hit enter, and your site (or the browser) adjusts the link and displays the correct page. So that experience doesn't equate with this:Existing links within your posts, pm's, and user avatars will all retain their HTTP; unless you're super comfortable with crafting and executing queries directly to your database I would advise hiring the task out. Gizmo is pretty much saying everything must be changed, or the worries that someone like ECnet kept trying to ask about will be true. Which way IS it?
|
|
|
|
Joined: Jun 2006
Posts: 16,365 Likes: 126
|
Joined: Jun 2006
Posts: 16,365 Likes: 126 |
Thanks for the links. So I took a peek. Sure is hard to find any people posting a link to another thread, so I gave that up. Well, the links they'll have TO other threads will be HTTPS if you make all traffic use it (as the link they'll create by copying from the address bar will have been over a secure connection. But I did to this: With any links within the forums, I see they start with "https". I copy the link, move to a different browser tab, paste the link, but take the s out of https. Hit enter, and your site (or the browser) adjusts the link and displays the correct page. All of my database content of all internal links on my pages where updated in the database; if you don't do database maintenance then your existing content links for posts, avatars, and signatures will remain as they where created. Additionally, any non-secure requests on my sites are automatically forwarded to the secure version via my CDN's Page Rules configuration.
|
|
|
|
Joined: May 2008
Posts: 753 Likes: 1
Old Hand
|
Old Hand
Joined: May 2008
Posts: 753 Likes: 1 |
My site uses https. First thing I did was update all links to external sites (advertising, stat counters, etc) from http to https. If they didn't support https at all, I deleted them.
Then I ran some database queries {with help from Gizmo and Isaac) to search and replace all internal links in user posts, etc from http to https.
CloudFlare automatically forces https for me (can also be forced via htaccess) , thanks to the rules page Gizmo mentioned, but before that, if you only entered http:// you would get the grey warning, instead of the green lock.
My site is vanning.com
"No matter where you go, there you are." "If you can't do something smart, Do something right" "There are three kinds of people in the world, those who can count, and those who can't"
|
|
|
|
Joined: Jun 2006
Posts: 16,365 Likes: 126
|
Joined: Jun 2006
Posts: 16,365 Likes: 126 |
First thing I did was update all links to external sites (advertising, stat counters, etc) from http to https. If they didn't support https at all, I deleted them. Yeah, a lot of sites don't use SSL, such as Photobucket; so users embedding offsite content from non-ssl sites will mark that page as having shared assets (items from both secure and insecure places) Then I ran some database queries {with help from Gizmo and Isaac) to search and replace all internal links in user posts, etc from http to https. I'm glad to hear that you got yourself up and running. Be sure that you create new properties at Google for your https site, it's treated as a seperate property than your non-secure site. Also, my UBB.Sitemaps and UBB.MemberMaps addons both support secure sites, whatever URL it's accessed from will push that type of url (so on your secure property at Gooogle you'd request the ssl version of the sitemap).
|
|
|
|
Joined: Jul 2006
Posts: 4,057
|
Joined: Jul 2006
Posts: 4,057 |
My site uses https. Then I ran some database queries {with help from Gizmo and Isaac) to search and replace all internal links in user posts, etc from http to https. Any chance of sharing those queries ? Ive looked into this and Google Site Maps is wayyyyyy down.... it has Submitted 45,000 urls from site maps, but only indexed 9,000 after some reading my old http links within could be causing the problem. I have resubmitted Gizmos site map twice now over a week period and its still the same. BTW I am still on 7.5x not 7.6x I wanted to get my site https then upgrade, as i know i have a working forum. Thanks for any help.
BOOM !! Version v7.6.1.1 People who inspire me Isaac ME Gizmo
|
|
|
|
Joined: Jun 2006
Posts: 16,365 Likes: 126
|
Joined: Jun 2006
Posts: 16,365 Likes: 126 |
It's pretty involved (user avatars, user signatures, the compiled and non-compiled post data, and the pt's), but it's basically just MySQL Replace followed by rebuilding post content. Be sure to backup your databases before you begin any maintenance to the UBB.threads database. The command should be run from the MySQL command line or at the very least PHPMyAdmin, and is CaSe SeNsItIvE, so if you've used different formatting for your domain, you'll need to pass all types of that formatting. An example, a client had MyWebsite.com MyWebSite.com mywebsite.com www.mywebsite.com www.MyWebsite.com www.MyWebSite.com in their database as entries for their domain; so each had to be run through the update (where I replaced everything with their lowercase non-www version). Note that the SSL property is an entirely new property and it can take months to fully reindex your site; it won't be overnight, weekly, or even a month long thing, and depending on how much content you have, it can take some time for everything to be re-indexed.
|
|
|
|
Joined: Jul 2006
Posts: 4,057
|
Joined: Jul 2006
Posts: 4,057 |
I done a quick Google its not that difficult to do. As you say Gizmo, back up and test it first, which I will do.
What's strange with my site map it indexed 18,000 and over a week has dropped to 9,000 out of 65,000 submitted.
Previously with site maps it was indexed with in 3 - 4 days, from my old images I kept as a reminder.
It could also be goggles algorithm again. In January site index dropped to 0 which I never picked up on, I think it was that, and no site map was listed, hence re-submitting it again. So check webmaster tools just incase Google has killed of any site maps.
Im sure it will come together.
Avatars, i had about 100 users were using from our uploads, so i manually updated those to https lol.
For now, I think I only have the posts table to search and replace, avatars has been done.
Would you recommend updating all urls in topics to https,even if an external site is not https at this time. Or just internal site links, as they should also have redirects in place.
BOOM !! Version v7.6.1.1 People who inspire me Isaac ME Gizmo
|
|
|
|
Joined: Jun 2006
Posts: 16,365 Likes: 126
|
Joined: Jun 2006
Posts: 16,365 Likes: 126 |
Only update your domain, as you have no control over other domains (do a find/replace for your existing URL format, http://www.whatever); do NOT update other URLs to 3rd party sites/content until you know they support Secure URLs as you'll just end up with a bunch of non-functioning URLs.
|
|
|
|
Joined: Jul 2006
Posts: 4,057
|
Joined: Jul 2006
Posts: 4,057 |
Thank you Gizmo. As Mark Bows turns and leaves the room. Clever fella that Gizmo fella... Just like Isaac yu know
BOOM !! Version v7.6.1.1 People who inspire me Isaac ME Gizmo
|
|
|
|
Joined: Apr 2004
Posts: 1,973 Likes: 154
|
Joined: Apr 2004
Posts: 1,973 Likes: 154 |
Gizmo often steps in to handle difficult tasks... often.
|
|
|
|
Joined: Jun 2006
Posts: 16,365 Likes: 126
|
Joined: Jun 2006
Posts: 16,365 Likes: 126 |
I do love the 3am "Hey, take a look at this" followed up by "how about we try it like this?" lol
|
|
|
|
Joined: May 2008
Posts: 753 Likes: 1
Old Hand
|
Old Hand
Joined: May 2008
Posts: 753 Likes: 1 |
I tested each external link by changing it to Https first before changing anything on my site
"No matter where you go, there you are." "If you can't do something smart, Do something right" "There are three kinds of people in the world, those who can count, and those who can't"
|
|
|
|
Joined: Mar 2007
Posts: 307 Likes: 3
Enthusiast
|
Enthusiast
Joined: Mar 2007
Posts: 307 Likes: 3 |
Question for Gizmo...
After going to ssl do any settings or language in ubb.sitemap need to be changed?
|
|
|
|
Joined: Jun 2006
Posts: 16,365 Likes: 126
|
Joined: Jun 2006
Posts: 16,365 Likes: 126 |
If you're running a recent build (latest is v0.10, released on October 26th, 2015) there shouldn't be anything you have to worry about, as the URL scheme is read based on how the script is fetched.(if it's fetched over SSL it will write all of the URLs as SSL).
|
|
|
|
Joined: Mar 2007
Posts: 307 Likes: 3
Enthusiast
|
Enthusiast
Joined: Mar 2007
Posts: 307 Likes: 3 |
|
|
|
0 members (),
1,613
guests, and
50
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|