amuck-landowner

SSL for VPSB?

Status
Not open for further replies.

HostUS-Alexander

Active Member
Verified Provider
Hey,


My work network dosen't filter websites, but if the website loads contains content like bad language the page is filtered, this does not happen on SSL Sites as HTTPS traffic is encrypted, so they can't view the web page.


Is it possible to get SSL for vpsboard.com? Its only a few dollors off the ad profit ;P


- Alexander
 

peterw

New Member
The cpu overhead of ssl will not kill the server so there should no reason to prohibit ssl usage.
 

KuJoe

Well-Known Member
Verified Provider
Why not use a VPN or proxy? I have no problem with an SSL option as long as it's not forced because it's so much slower for me than non-SSL (Comcast throttles any traffic that is encrypted regardless of the port, my VPN speed is less than 4Mbps compared to my non-VPN speed of 20Mbps).
 
Last edited by a moderator:

HostUS-Alexander

Active Member
Verified Provider
Why not use a VPN or proxy? I have no problem with an SSL option as long as it's not forced because it's so much slower for me than non-SSL (Comcast throttles any traffic that is encrypted regardless of the port, my VPN speed is less than 4Mbps compared to my non-VPN speed of 20Mbps).
I use a VPN on my IPhone and Neus7 but i can't on the computer, as the restrictions don't let me run any program.

I use a web proxy sometimes, but its slower. No provider in the UK throttles HTTPS Traffic here.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
It's something I've been meaning to do, but was going to wait to do it with some other planned maintenance in the future.

I'll have to relook into it again. Originally I wanted to have the option of https://, not force it, but now I'm considering just enabling it sitewide.
 

HostUS-Alexander

Active Member
Verified Provider
It's something I've been meaning to do, but was going to wait to do it with some other planned maintenance in the future.

I'll have to relook into it again. Originally I wanted to have the option of https://, not force it, but now I'm considering just enabling it sitewide.
The option to have it would be nice, forcing is not required.

Thank you,

- Alexander
 

MannDude

Just a dude
vpsBoard Founder
Moderator
The option to have it would be nice, forcing is not required.

Thank you,

- Alexander
Well if it's going to be an off/on type thing it makes it a bit more complicated, I believe. I'll look into it again, been a couple months since I last looked it up. If I recall correctly, it wasn't as straight forward as you'd imagine but I may be wrong (I usually am)
 

peterw

New Member
Well if it's going to be an off/on type thing it makes it a bit more complicated, I believe.
Add the ssl settings to the ngix configuration

Code:
server {
    listen 80;
    listen [::]:80 ipv6only=on;
    listen 443 ssl;
    listen [::]:443 ipv6only=on ssl;

    ssl_certificate cert.pem;
    ssl_certificate_key cert.key;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
}
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Add the ssl settings to the ngix configuration


server {
listen 80;
listen [::]:80 ipv6only=on;
listen 443 ssl;
listen [::]:443 ipv6only=on ssl;

ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
}
Lighttpd. Busy now, will look more into it later. :)
 

KuJoe

Well-Known Member
Verified Provider
Lighttpd is even easier:


$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/website.com.pem"
ssl.ca-file = "/etc/lighttpd/ssl/SSLCA.crt"
}
So only port 443 (HTTPS) will have SSL and port 80 stays SSL free. :)

The code above is from 01/2012 so you might need to add some lines to pass this test.
 
Last edited by a moderator:

willie

Active Member
Well if it's going to be an off/on type thing it makes it a bit more complicated, I believe. I'll look into it again, been a couple months since I last looked it up. If I recall correctly, it wasn't as straight forward as you'd imagine but I may be wrong (I usually am)
I don't see any reason to not make it required and siteside, and I think that is preferable to making it optional.  More and more sites just enable it everywhere now.  Better to get rid of the possibility of users leaving it off when they really wanted it on, or of having some attacker somehow turn it off without the user notice anything odd, etc.
 

adly

New Member
I'd like to throw my support in for SSL to be default/always on. From what I can tell HTTP/2.0 is going down this path, with plaintext connections having to use HTTP/1.1 for now.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
So did Martin-D ever get in touch with you about me wanting to donate an SSL cert to vpsboard? I brought this up with him last week.
No, but Phil did. Don't need a donation for it, can pay for it myself. Thanks though.
 

KuJoe

Well-Known Member
Verified Provider
I don't see any reason to not make it required and siteside, and I think that is preferable to making it optional.  More and more sites just enable it everywhere now.  Better to get rid of the possibility of users leaving it off when they really wanted it on, or of having some attacker somehow turn it off without the user notice anything odd, etc.
I think it already loads slow enough, no need to cripple the site for me. If SSL is required then I guess I can always RSS the site but that's not an ideal solution.
 

peterw

New Member
I don't see any reason to not make it required and siteside, and I think that is preferable to making it optional.  More and more sites just enable it everywhere now.  Better to get rid of the possibility of users leaving it off when they really wanted it on, or of having some attacker somehow turn it off without the user notice anything odd, etc.
We can start with the optional ssl to test the page loading times and the load on the server.
 

trewq

Active Member
Verified Provider
I think it already loads slow enough, no need to cripple the site for me. If SSL is required then I guess I can always RSS the site but that's not an ideal solution.
Is there a reason you know of why it's so slow? This site loads faster than most for me.
 
Status
Not open for further replies.
Top
amuck-landowner