add SSL so we can access boundforum securely over HTTPS

Latest information for Gromet's Plaza, GaggedUtopia's Archive. Off-Topic discussion, suggestions and comments are always welcome.
mcslavey
Unfettered Newbie
Posts: 10
Joined: 29 Dec 2009, 06:42

add SSL so we can access boundforum securely over HTTPS

Unread post by mcslavey »

Currently (2018-05-02) boundforum seems only to be accessible via HTTP, including the login page. I assume this means that users' logins and passwords are being transmitted across the internet in plaintext.

Navigating to HTTPS://boundforum.com/ shows a "not secure" warning in the browser address bar and resolves to a page that simply says "greybolt.com".

Given the topics discussed on the site and users' overwhelming interest in privacy, the forum should provide encrypted HTTPS connections by default.

Depending on the host operating system of the server, adding free SSL certificates from LetsEncrypt.org could be as simple as executing a few commands on the server. LetsEncrypt "Certbot" provides guides for a variety of OS-server combinations. For instance, Ubuntu 14.04 'trusy' + nginx:

Code: Select all

# On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages. 

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Code: Select all

# Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it:

$ sudo certbot --nginx

If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:
$ sudo certbot --nginx certonly
Alternatively, I think partial SSL encryption (between cloudflare and users) can be enabled via the cloudflare dashboard, (assuming boundforum uses cloudflare): https://www.cloudflare.com/ssl/

Cloudflare also provides documentation on how to setup full SSL via LetsEncrypt w/ certbot: Cloudflare Knowledgebase - How to Validate a Let’s Encrypt Certificate on a Site Already Active on Cloudflare

Let me know if I can help with any of this, or if I've misunderstood something. Thanks!

mcslavey
Unfettered Newbie
Posts: 10
Joined: 29 Dec 2009, 06:42

Re: add SSL so we can access boundforum securely over HTTPS

Unread post by mcslavey »

https://boundforum.com screenshot
https://boundforum.com screenshot
Screen Shot 2018-05-02 at 9.22.30 AM.png (21.86 KiB) Viewed 10803 times
ssllabs.com SSL Report
ssllabs.com SSL Report
https://www.ssllabs.com/ssltest/analyze ... dforum.com

mcslavey
Unfettered Newbie
Posts: 10
Joined: 29 Dec 2009, 06:42

Re: add SSL so we can access boundforum securely over HTTPS

Unread post by mcslavey »

bump bump... anyone else care about this?

mcslavey
Unfettered Newbie
Posts: 10
Joined: 29 Dec 2009, 06:42

Re: add SSL so we can access boundforum securely over HTTPS

Unread post by mcslavey »

Related thread about users using TOR for more "secure" access http://boundforum.com/viewtopic.php?f=4&t=106367

One Pivot
Chair Bound
Posts: 67
Joined: 31 Aug 2016, 01:05

Re: add SSL so we can access boundforum securely over HTTPS

Unread post by One Pivot »

I suppose I just don't care. I also use a unique password for forums since they're generally less secure. Nothing to really steal from me here.
See my handmade leather bondage gear here! https://www.etsy.com/shop/leatherbyonepivot

bnngh
Unfettered Newbie
Posts: 1
Joined: 04 Jan 2019, 20:54

Re: add SSL so we can access boundforum securely over HTTPS

Unread post by bnngh »

I do very much care about this!

Especially if you connect through an anonymizing network, it is very likely that someone steals your password.
I really hope this will be fixed soon.

Post Reply