I’m happy to announce that the discussion forums are now HTTPS/SSL enabled.
I’ve been wanting to-do this for sometime now but only found the time over the holidays to make the necessary changes and test everything. This will help guarantee that the user credentials you use to login along with the session cookie will now be secure from potential eavesdropping.
I’m running Simple Machines Forum software on the discussion forums and while it doesn’t “support” HTTPS/SSL nativly it’s not hard to set everything up manually. Here are the steps I took to enable HTTPS/SSL for Simple Machines Forum.
- Purchase certificate from RapidSSL
- Install certificate into Nginx web server configuration.
- Change base URL using repair_settings.php
- Change Google Adsense code to HTTPS
- Change Statcounter code to HTTPS
I’m using Nginx and Server Name Indication (SNI) so you’ll need a fairly modern web browser.
Update: Tuesday January 6, 2015 @ 6:00PM
As I suspected some of the URLs that the PrettyURLs mod was re-writing were getting set back to HTTP. I found the solution documented on the PrettyURL homepage/wiki. I added a file called fix.php into the root of my webserver with the following contents;
$boardurl)); pretty_update_filters(); ?>
I then executed that code by calling the URL from a web browser after which I removed the file.
With that step done now all the links in the HTML source are correct and everything is working properly.
Update: Tuesday January 6, 2015
I’ve discovered that this change is going to require some additional work. A number of links are still pointing toward HTTP as opposed to HTTPS. I went to the effort this evening to dump the MySQL database and search and replace all links with the HTTPS variant. I was hoping this change would help fix a few other problems, unfortunately not. If you look at the source HTML you’ll see that a few of the links are still holding on to the http://forums.networkinfrastructure.info as opposed to the https://forums.networkinfrastructure.info. I believe the PrettyURLs mod is writing some of the links but it’s using HTTP as opposed to HTTPS. Now I need to dig down into the code and determine what’s broken and where.
Image Credit: Mike Cooke