Register Members List Search Today's Posts Mark Forums Read

Reply
 
Article Options
How to enable full ssl
final kaoss
Join Date: Apr 2006
Posts: 1,191

by final kaoss final kaoss is offline 17 Feb 2018
Rating: (2 votes - 5.00 average)

I'll be discussing how to enable full ssl and how to block unsecure content here.

The first big thing to do comes from a vbulletin.com article and is revised a bit.

Originally Posted by https://www.vbulletin.com/forum/articles/4361080-converting-your-forum-to-https
vBulletin 3
Go to vBulletin Options > vBulletin Options > Site Name / URL / Contact Details.
Edit 'Forum URL' and add the 's' into the URL.
For example, if your URL is http://www.contoso.com/forum, change it to https://www.contoso.com/forum

Then go to Settings > vBulletin Options > vBulletin Options > Server Settings & Optimization Options > Use Remote YUI
Set this to None.

vBulletin 4
Go to Settings > Options > Site Name / URL / Contact Details.
Edit 'Forum URL' and add the 's' into the URL.
For example, if your URL is http://www.contoso.com/forum, change it to https://www.contoso.com/forum

Then go to Settings > Options > Server Settings & Optimization Options > Use Remote YUI
Set this to None.

vBulletin 5
Go to vBulletin Options > vBulletin Options > Site Name / URL / Contact Details.
Edit these three settings: 'vBulletin URL'; 'Login URL'; 'Core URL' and add the 's' into the URL.
For example, if your URL is http://www.contoso.com/forum, change it to https://www.contoso.com/forum
NOTE: Do not remove the word 'core' at the end of the core URL. You will break your site!

Then go to Settings > Options > Server Settings & Optimization Options > Use Remote jQuery
Set this to None.

The key to all three vBulletin versions is that all you do in the URL settings is change http to https. Do not alter any other part of the URL.

Once you have changed these settings, go to AdminCP > Maintenance > General Update Tools, and rebuild the styles. (In vB3 this is AdminCP > Maintenance > Update Counters). Leave the default settings and just run this update tool.
After you get this done, you want to set a rewrite rule in htaccess.

This is what I use to rewrite http to https.


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

Next go to cloudflare and enable these settings (under Crypto)
* SSL - Full
* Edge Certificates - make one "The certificates in the pack listed below are managed and auto-renewed by Cloudflare."
*HSTS

Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

* Require Modern TLS - On
* Opportunistic Encryption - On
* TLS 1.3 - Enabled+0RTT
* Automatic HTTPS Rewrites - On

Why Should I use Automatic HTTPS Rewrites?
If your site contains links or references to HTTP URLs that are also available securely via HTTPS, Automatic HTTPS Rewrites can help. If you connect to your site over HTTPS and the lock icon is not present, or has a yellow warning triangle on it, your site may contain references to HTTP assets (“mixed content”).




Mixed content is often due to factors not under the website owner’s control such as embedded third-party content or complex content management systems. By rewriting URLs from “http” to “https”, Automatic HTTPS Rewrites simplifies the task of making your entire website available over HTTPS, helping to eliminate mixed content errors and ensuring that all data loaded by your website is protected from eavesdropping and tampering.




Does Automatic HTTPS Rewrites fix all mixed content errors?
No. Only URLs that are known to support HTTPS will be rewritten. We use data from EFF’s HTTPS Everywhere and Chrome’s HSTS preload list, among others, to identify which domains support HTTPS. If your zone is not on one of these lists, only active content will be rewritten. Passive content (such as images) will not be rewritten and will still cause mixed content errors.
That does it for cloudflare, after doing all of the above, your site is ready for SSL!

*Important! One last thing to do to ensure full SSL compatability is making sure that no insecure requests come through, this is how to do it with a description of what it does in the link.

Pop this in your headerincludes


Block Disabled:      (Update License Status)  
Suspended or Unlicensed Members Cannot View Code.

More info: CSP: upgrade-insecure-requests - HTTP | MDN

One extra thing that I do is use this mod. It fetches external images and serves them locally, meaning that they will not violate the mixed content policy due to the rewrite we did earlier.

There is also another mod that you can use to locally serve insecure (http) images.
https://www.vbulletin.org/forum/showthread.php?t=288060

Last edited by final kaoss; 03 Mar 2018 at 17:05..
Views: 6737
Reply With Quote
Comments
  #2  
Old 25 Feb 2018, 15:06
final kaoss final kaoss is offline
 
Join Date: Apr 2006
After you enable https, you most likely will experience a drop in traffic for some time. You can read more about that here.
http://www.seoblog.com/2017/07/rankings-drop-https-ssl/

There are benefits including security plus using less server cpu & bandwidth. Some are
  1. is binary, instead of textual
  2. is fully multiplexed, instead of ordered and blocking
  3. can therefore use one connection for parallelism
  4. uses header compression to reduce overhead
  5. allows servers to “push” responses proactively into client caches
  6. Wait what? Don't worry - let's try to explain this a bit in layman's terms.

Binary instead of textual: this is something which makes transfer and parsing of the data much more efficient. Binary data transfer is also much less prone to errors.

Fully multiplexed: again, simply put, with HTTP the problem was that each connection was prone to blocking the connetions after it. Imagine yourself in the queue to get into your favourite sports match, but rather than having multiple entry points, you only had 1 turnstile. You can imagine that things can get very very slow. Multiplexing allows multiple files and requests to be transferred at the same time. In the turnstile example, rather than have one person going in at a time, we have 10 gates, with 10 turnstiles going in together.

Use one conection for parallelism: as we mentioned before, when a connection is expensive to create, if you keep creating and closing it for every resource you need, you're going to create a serious overhead issue. Multiplexing allows the same connection to be reused over and over again. Imagine the connection as a pipe through which data keeps flowing until you don't have any more data. Also, do note that for any website, you will typically have the browser talking to multiple web servers for various 3rd party scripts and resources (Facebook sharing scripts, Twitter, Google Analtics, Ad networks etc. etc.) Having one connection for each of these is more efficient.

Header compression is also another efficient way of removing several of the overheads associated with having to retrieve several different resources from the same or multiple web servers. Once again, typically rather than having to perform multiple to and fro trips, one trip is typically enough.

Allows servers to push resources proactively: this is a way that the server, rather than waiting for the client browser to request the different resources as per our first example, it will proactively send them resources they will probably need. This is called HTTP/2 Server push.

Thanks to collectiveray for the info.

Last edited by final kaoss; 03 Mar 2018 at 23:17.
Reply With Quote
Reply

Similar Article
Article Author Type Replies Last Post
SSL Secure your Private Messages CJi vBulletin 2.x Full Releases 6 22 Jun 2002 17:49



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Article Options

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


New To Site? Need Help?

All times are GMT. The time now is 04:36.

Layout Options | Width: Wide Color: