SSL for VPSB?

Discussion in 'The Pub (Off topic discussion)' started by HostUS-Alexander, Nov 26, 2013.

Thread Status:
Not open for further replies.
  1. HostUS-Alexander

    HostUS-Alexander Active Member Verified Provider

    255
    48
    May 15, 2013
    Hey,


    My work network dosen't filter websites, but if the website loads contains content like bad language the page is filtered, this does not happen on SSL Sites as HTTPS traffic is encrypted, so they can't view the web page.


    Is it possible to get SSL for vpsboard.com? Its only a few dollors off the ad profit ;P


    - Alexander
     
  2. peterw

    peterw New Member

    800
    189
    Jun 14, 2013
    The cpu overhead of ssl will not kill the server so there should no reason to prohibit ssl usage.
     
  3. KuJoe

    KuJoe Well-Known Member Verified Provider

    1,761
    1,318
    May 17, 2013
    Why not use a VPN or proxy? I have no problem with an SSL option as long as it's not forced because it's so much slower for me than non-SSL (Comcast throttles any traffic that is encrypted regardless of the port, my VPN speed is less than 4Mbps compared to my non-VPN speed of 20Mbps).
     
    Last edited by a moderator: Nov 26, 2013
  4. HostUS-Alexander

    HostUS-Alexander Active Member Verified Provider

    255
    48
    May 15, 2013
    I use a VPN on my IPhone and Neus7 but i can't on the computer, as the restrictions don't let me run any program.

    I use a web proxy sometimes, but its slower. No provider in the UK throttles HTTPS Traffic here.
     
  5. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    5,036
    2,634
    Mar 8, 2013
    MannDude
    It's something I've been meaning to do, but was going to wait to do it with some other planned maintenance in the future.

    I'll have to relook into it again. Originally I wanted to have the option of https://, not force it, but now I'm considering just enabling it sitewide.
     
  6. HostUS-Alexander

    HostUS-Alexander Active Member Verified Provider

    255
    48
    May 15, 2013
    The option to have it would be nice, forcing is not required.

    Thank you,

    - Alexander
     
  7. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    5,036
    2,634
    Mar 8, 2013
    MannDude
    Well if it's going to be an off/on type thing it makes it a bit more complicated, I believe. I'll look into it again, been a couple months since I last looked it up. If I recall correctly, it wasn't as straight forward as you'd imagine but I may be wrong (I usually am)
     
  8. peterw

    peterw New Member

    800
    189
    Jun 14, 2013
    Add the ssl settings to the ngix configuration

    Code:
    server {
        listen 80;
        listen [::]:80 ipv6only=on;
        listen 443 ssl;
        listen [::]:443 ipv6only=on ssl;
    
        ssl_certificate cert.pem;
        ssl_certificate_key cert.key;
        ssl_protocols SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
        ssl_prefer_server_ciphers on;
    }
    
     
    drmike likes this.
  9. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    5,036
    2,634
    Mar 8, 2013
    MannDude
    Lighttpd. Busy now, will look more into it later. :)
     
  10. KuJoe

    KuJoe Well-Known Member Verified Provider

    1,761
    1,318
    May 17, 2013
    Lighttpd is even easier:


    $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/website.com.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/SSLCA.crt"
    }
    So only port 443 (HTTPS) will have SSL and port 80 stays SSL free. :)

    The code above is from 01/2012 so you might need to add some lines to pass this test.
     
    Last edited by a moderator: Nov 26, 2013
    Zach and drmike like this.
  11. Mun

    Mun Never Forget

    892
    237
    May 9, 2013
    Wait then why is the server stated at Nginx 1.5.6?

    Mun
     
  12. KuJoe

    KuJoe Well-Known Member Verified Provider

    1,761
    1,318
    May 17, 2013
    Reverse proxy?
     
  13. willie

    willie Active Member

    760
    207
    May 24, 2013
    I don't see any reason to not make it required and siteside, and I think that is preferable to making it optional.  More and more sites just enable it everywhere now.  Better to get rid of the possibility of users leaving it off when they really wanted it on, or of having some attacker somehow turn it off without the user notice anything odd, etc.
     
  14. Raymii

    Raymii New Member

    114
    43
    Jun 22, 2013
    It would be nice to have my login data not go over the wire plaintext.
     
  15. Damian

    Damian New Member Verified Provider

    368
    199
    May 17, 2013
    So did Martin-D ever get in touch with you about me wanting to donate an SSL cert to vpsboard? I brought this up with him last week.
     
    HalfEatenPie and Francisco like this.
  16. adly

    adly New Member

    14
    3
    Nov 10, 2013
    I'd like to throw my support in for SSL to be default/always on. From what I can tell HTTP/2.0 is going down this path, with plaintext connections having to use HTTP/1.1 for now.
     
  17. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    5,036
    2,634
    Mar 8, 2013
    MannDude
    No, but Phil did. Don't need a donation for it, can pay for it myself. Thanks though.
     
  18. KuJoe

    KuJoe Well-Known Member Verified Provider

    1,761
    1,318
    May 17, 2013
    I think it already loads slow enough, no need to cripple the site for me. If SSL is required then I guess I can always RSS the site but that's not an ideal solution.
     
  19. peterw

    peterw New Member

    800
    189
    Jun 14, 2013
    We can start with the optional ssl to test the page loading times and the load on the server.
     
  20. trewq

    trewq Active Member Verified Provider

    452
    205
    May 15, 2013
    Is there a reason you know of why it's so slow? This site loads faster than most for me.
     
Thread Status:
Not open for further replies.