HTTPS support
-
I guess this needs help from Alex, but still: is any support planned for HTTPS access to the forums?
I don't like handing out my username/password nor my session cookies on public Wifi...
-
well did you reuse your password for this site anywhere else?
is there any personally sensitive information about you on this site that could be used as an escalation attack to perpetrate identity fraud?
no? then HTTPS is probably not that bug of a deal.
That being said; @apapadimoulis, can we have HTTPS please?
-
That being said; @apapadimoulis, can we have HTTPS please?
I vote for self signed, so we have a wtfy warning when we visit the site.
-
I vote for self signed, so we have a wtfy warning when we visit the site.
while i'd prefer one from a trusted root certificate provider, i do admit self signed would be more like us...
-
Sure? I will need a grown-up to help set it up though.
I set up an SSL thing like once, several years ago, in IIS6 by following some tutorial.
-
Apache or Nginx?
I've set up both before. Evidence of Nginx: http://staradept.com (look where you land after clicking through)
unfortunately the site i set it up for in apache let the certificate lapse so i no longer have evidence of that.
my services fee is 3.75 M&Ms or 1.26 Recees Pieces per consultation. no minimum callout.
-
Fairly sure the Vagrant container for DC uses nginx as a reverse proxy in front of RoR etc.
-
so that means nginx, that i can do easy., but vagrant complicates things... how does that handle updates and things? does it nuke configuration?
/me heads off to do research
EDIT: Oh. it is really simple.
@sam on meta.d posted a howto in 7 easy steps: https://meta.discourse.org/t/allowing-ssl-for-your-discourse-docker-setup/13847
(where step 6 is ??? and step 7 is Profit!)
-
well did you reuse your password for this site anywhere else?
is there any personally sensitive information about you on this site that could be used as an escalation attack to perpetrate identity fraud?
I generate random passwords for logins, so I'm not TRWTF today. But think of what would happen if someone would start misusing my title rename rights…
Oh wait, renames already happen. Carry on.
-
You can get free domain-validated certificates at startssl.com, and setting them up in IIS7 and up is a breeze.
-
-
-
I don't know man, that site looks pretty janky.
That's hardly unusual for a CA; they're hardly ever inspiring in their web design. Rather like DNS registrars…
-
I vote for self signed, so we have a wtfy warning when we visit the site.
Props for the idea, but please no.
-
That's hardly unusual for a CA; they're hardly ever inspiring in their web design.
ahem https://www.digicert.com/ or http://www.verisign.com/
Rather like DNS registrars…
ahem
-
...and why do people use aliases, again?
-
Pong