peterw
New Member
True. Want to upload my avatar on a secure page.
POLL: SSL for vpsBoard. Optional or forced site-wide?
- Thread starter MannDude
- Start date
As one of the more vocal supporters, I don't think it's terribly urgent, in the sense of "OMG drop everything and do it right now". I think it's important as a general practice and as a statement about who we are. But we've done without it for many months and a few more days won't make enough difference to be worth causing a lot of extra hassle for you. Anything reasonably timely is fine. Relax! We all appreciate the work you are doing for this site. There's no need to get overextended.
There shouldn't be much performance issue especially with more recent OpenSSL's that use the AESNI hardware for the bulk encryption. Encryption is fast these days. Gzip encoding costs much more cpu than encryption. One request if I may: be sure to configure the SSL for forward secrecy, i.e. using one of the DHE-prefixed cipher suites. There are still some subtler configuration issues after that, but DHE goes a long way.
Last edited by a moderator:
eva2000
Active Member
Noticed forums have switched to Nginx, so Nginx + SPDY SSL or go home
Speed difference between SPDY SSL vs non-SPDY SSL https://spdy.centminmod.com/spdytest.html and background SPDY info http://centminmod.com/nginx_configure_https_ssl_spdy.html
Last edited by a moderator:
Nginx reverse proxy, the webserver is still lighttpd though.Noticed forums have switched to Nginx, so Nginx + SPDY SSL or go home
Speed difference between SPDY SSL vs non-SPDY SSL https://spdy.centminmod.com/spdytest.html and background SPDY info http://centminmod.com/nginx_configure_https_ssl_spdy.html
eva2000
Active Member
Still should work fine for Nginx + SPDY SSL
example of Nginx + SPDY SSL
- https://blog.centminmod.com (forced SSL)
example of Nginx + SPDY SSL as reverse proxy to Ghost Blog express node.js backend
- https://ghost.centminmod.com (optional SSL)
Last edited by a moderator:
drmike
100% Tier-1 Gogent
WTF is that?
It's the damn placeholder head image for those that do not have an avatar.
That needs to be removed and hosted internally --- if it is something we have control over internally and not some gravatar doing it.
Gravatar, yeah, I've started blocking them manually on my end.
The SSL stuff, definitely need a wildcard domain level SSL cert and they aren't low end money. $50 a year minimum I'd guess.
Unsure what/how x4b handles SSL, but I'd be looking up there first before investing time/money on certs.
I can beat that price
http://www.alphassl.com/ssl-certificates/wildcard-ssl.html I ordered that.
Thanks XFS_Duke for reselling these at a discounted rate!
Thanks XFS_Duke for reselling these at a discounted rate!
People shouldn't have problems with it... If they do, then they need to contact their ISP... There should be no reason an ISP is slowing traffic down to SSL protected websites. Hell, anything you do financially is protected by an SSL... So, why slow you down?
