SSL for VPSB?

[HostUS-Alexander]

Hey,


My work network dosen't filter websites, but if the website loads contains content like bad language the page is filtered, this does not happen on SSL Sites as HTTPS traffic is encrypted, so they can't view the web page.


Is it possible to get SSL for vpsboard.com? Its only a few dollors off the ad profit ;P


- Alexander

 

[peterw]

The cpu overhead of ssl will not kill the server so there should no reason to prohibit ssl usage.

 

[KuJoe]

Why not use a VPN or proxy? I have no problem with an SSL option as long as it's not forced because it's so much slower for me than non-SSL (Comcast throttles any traffic that is encrypted regardless of the port, my VPN speed is less than 4Mbps compared to my non-VPN speed of 20Mbps).

 

[HostUS-Alexander]

Why not use a VPN or proxy? I have no problem with an SSL option as long as it's not forced because it's so much slower for me than non-SSL (Comcast throttles any traffic that is encrypted regardless of the port, my VPN speed is less than 4Mbps compared to my non-VPN speed of 20Mbps).

I use a VPN on my IPhone and Neus7 but i can't on the computer, as the restrictions don't let me run any program.

I use a web proxy sometimes, but its slower. No provider in the UK throttles HTTPS Traffic here.

 

[MannDude]

It's something I've been meaning to do, but was going to wait to do it with some other planned maintenance in the future.

I'll have to relook into it again. Originally I wanted to have the option of https://, not force it, but now I'm considering just enabling it sitewide.

 

[HostUS-Alexander]

It's something I've been meaning to do, but was going to wait to do it with some other planned maintenance in the future.

I'll have to relook into it again. Originally I wanted to have the option of https://, not force it, but now I'm considering just enabling it sitewide.

The option to have it would be nice, forcing is not required.

Thank you,

- Alexander

 

[MannDude]

The option to have it would be nice, forcing is not required.

Thank you,

- Alexander

Well if it's going to be an off/on type thing it makes it a bit more complicated, I believe. I'll look into it again, been a couple months since I last looked it up. If I recall correctly, it wasn't as straight forward as you'd imagine but I may be wrong (I usually am)

 

[peterw]

Well if it's going to be an off/on type thing it makes it a bit more complicated, I believe.

Add the ssl settings to the ngix configuration

server {
    listen 80;
    listen [::]:80 ipv6only=on;
    listen 443 ssl;
    listen [::]:443 ipv6only=on ssl;

    ssl_certificate cert.pem;
    ssl_certificate_key cert.key;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
}

 

[MannDude]

Add the ssl settings to the ngix configuration


server {
listen 80;
listen [::]:80 ipv6only=on;
listen 443 ssl;
listen [::]:443 ipv6only=on ssl;

ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
}

Lighttpd. Busy now, will look more into it later.

 

[KuJoe]

Lighttpd is even easier:


$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/website.com.pem"
ssl.ca-file = "/etc/lighttpd/ssl/SSLCA.crt"
}
So only port 443 (HTTPS) will have SSL and port 80 stays SSL free.

The code above is from 01/2012 so you might need to add some lines to pass this test.

 

[Mun]

Wait then why is the server stated at Nginx 1.5.6?

Mun

 

[KuJoe]

Wait then why is the server stated at Nginx 1.5.6?

Mun

Reverse proxy?

 

[willie]

Well if it's going to be an off/on type thing it makes it a bit more complicated, I believe. I'll look into it again, been a couple months since I last looked it up. If I recall correctly, it wasn't as straight forward as you'd imagine but I may be wrong (I usually am)

I don't see any reason to not make it required and siteside, and I think that is preferable to making it optional.  More and more sites just enable it everywhere now.  Better to get rid of the possibility of users leaving it off when they really wanted it on, or of having some attacker somehow turn it off without the user notice anything odd, etc.

 

[Raymii]

It would be nice to have my login data not go over the wire plaintext.

 

[Damian]

So did Martin-D ever get in touch with you about me wanting to donate an SSL cert to vpsboard? I brought this up with him last week.

 

[adly]

I'd like to throw my support in for SSL to be default/always on. From what I can tell HTTP/2.0 is going down this path, with plaintext connections having to use HTTP/1.1 for now.

 

[MannDude]

So did Martin-D ever get in touch with you about me wanting to donate an SSL cert to vpsboard? I brought this up with him last week.

No, but Phil did. Don't need a donation for it, can pay for it myself. Thanks though.

 

[KuJoe]

I don't see any reason to not make it required and siteside, and I think that is preferable to making it optional.  More and more sites just enable it everywhere now.  Better to get rid of the possibility of users leaving it off when they really wanted it on, or of having some attacker somehow turn it off without the user notice anything odd, etc.

I think it already loads slow enough, no need to cripple the site for me. If SSL is required then I guess I can always RSS the site but that's not an ideal solution.

 

[peterw]

I don't see any reason to not make it required and siteside, and I think that is preferable to making it optional.  More and more sites just enable it everywhere now.  Better to get rid of the possibility of users leaving it off when they really wanted it on, or of having some attacker somehow turn it off without the user notice anything odd, etc.

We can start with the optional ssl to test the page loading times and the load on the server.

 

[trewq]

I think it already loads slow enough, no need to cripple the site for me. If SSL is required then I guess I can always RSS the site but that's not an ideal solution.

Is there a reason you know of why it's so slow? This site loads faster than most for me.