Register Arama Bugünkü Mesajlar Tüm Forumu Okundu Say

Reply
 
Thread Tools
How to enable full ssl
vB.Org Poster
vB.Org Poster has disabled reputation
Kayıt Tarihi: Jul 2018
Mesajlar: 298

Show Printable Version Email this Page
yazan vB.Org Poster 10 Jul 2018, 15:30

I'll be discussing how to enable full ssl and how to block unsecure content here.

The first big thing to do comes from a vbulletin.com article and is revised a bit.

vBulletin 3
Go to vBulletin Options > vBulletin Options > Site Name / URL / Contact Details.
Edit 'Forum URL' and add the 's' into the URL.
For example, if your URL is 404 - File or directory not found., change it to https://www.contoso.com/forum

Then go to Settings > vBulletin Options > vBulletin Options > Server Settings & Optimization Options > Use Remote YUI
Set this to None.

vBulletin 4
Go to Settings > Options > Site Name / URL / Contact Details.
Edit 'Forum URL' and add the 's' into the URL.
For example, if your URL is 404 - File or directory not found., change it to https://www.contoso.com/forum

Then go to Settings > Options > Server Settings & Optimization Options > Use Remote YUI
Set this to None.

vBulletin 5
Go to vBulletin Options > vBulletin Options > Site Name / URL / Contact Details.
Edit these three settings: 'vBulletin URL'; 'Login URL'; 'Core URL' and add the 's' into the URL.
For example, if your URL is 404 - File or directory not found., change it to https://www.contoso.com/forum
NOTE: Do not remove the word 'core' at the end of the core URL. You will break your site!

All Versions
Then go to Settings > Options > Server Settings & Optimization Options > Use Remote jQuery
Set this to None.

The key to all three vBulletin versions is that all you do in the URL settings is change http to https. Do not alter any other part of the URL.

Once you have changed these settings, go to AdminCP > Maintenance > General Update Tools, and rebuild the styles. (In vB3 this is AdminCP > Maintenance > Update Counters). Leave the default settings and just run this update tool.
After you get this done, you want to set a rewrite rule in htaccess.

This is what I use to rewrite http to https.


Kod Blok Kilitli:      (Kayıt veya giriş yapmalısın)  
Engellenmiş, kayıtlı olmayan veya onay bekleyen kişiler kodlara erişemezler.

Next go to cloudflare and enable these settings (under Crypto)
* SSL - Full
* Edge Certificates - make one "The certificates in the pack listed below are managed and auto-renewed by Cloudflare."
*HSTS

Kod Blok Kilitli:      (Kayıt veya giriş yapmalısın)  
Engellenmiş, kayıtlı olmayan veya onay bekleyen kişiler kodlara erişemezler.

* Require Modern TLS - On
* Opportunistic Encryption - On
* TLS 1.3 - Enabled+0RTT
* Automatic HTTPS Rewrites - On

Why Should I use Automatic HTTPS Rewrites?
If your site contains links or references to HTTP URLs that are also available securely via HTTPS, Automatic HTTPS Rewrites can help. If you connect to your site over HTTPS and the lock icon is not present, or has a yellow warning triangle on it, your site may contain references to HTTP assets (“mixed content”).




Mixed content is often due to factors not under the website owner’s control such as embedded third-party content or complex content management systems. By rewriting URLs from “http” to “https”, Automatic HTTPS Rewrites simplifies the task of making your entire website available over HTTPS, helping to eliminate mixed content errors and ensuring that all data loaded by your website is protected from eavesdropping and tampering.




Does Automatic HTTPS Rewrites fix all mixed content errors?
No. Only URLs that are known to support HTTPS will be rewritten. We use data from EFF’s HTTPS Everywhere and Chrome’s HSTS preload list, among others, to identify which domains support HTTPS. If your zone is not on one of these lists, only active content will be rewritten. Passive content (such as images) will not be rewritten and will still cause mixed content errors.
That does it for cloudflare, after doing all of the above, your site is ready for SSL!

*Important! One last thing to do to ensure full SSL compatability is making sure that no insecure requests come through, this is how to do it with a description of what it does in the link.

Pop this in your headerincludes


Kod Blok Kilitli:      (Kayıt veya giriş yapmalısın)  
Engellenmiş, kayıtlı olmayan veya onay bekleyen kişiler kodlara erişemezler.

More info: CSP: upgrade-insecure-requests - HTTP | MDN

One extra thing that I do is use this mod. It fetches external images and serves them locally, meaning that they will not violate the mixed content policy due to the rewrite we did earlier.

There is also another mod that you can use to locally serve insecure (http) images.
Mini Mods - IMG Cacher - SSL Keeper - Mixed Content Block Solution - vBulletin.org Forum
Views: 44
Reply With Quote
Reply

Thread Tools

Şunları Yapabilirsin
Yeni Konu Açmak
Konuya Cevap Yazmak
Eklenti Eklemek
Düzenleme Yapabilmek

Forum Atla


LD'de Yeni misin? Yardıma mı ihtiyacın var?

All times are GMT +3. The time now is 09:46.

Tasarım Özelliği | Genişlik: Geniş Renk: How to enable full ssl How to enable full ssl How to enable full ssl How to enable full ssl How to enable full ssl