HTTPS is now enabled for the forum

After 8hrs of casual slightly stressful Sunday afternoon server config HTTPS is now enabled for the new forum :smiley:

Please report any HTTP issues to this thread…

The pain points came from having the move HTTPS from Apache to Nginx and then reverse proxy via socket to docker instance for the Discourse forum and to Apache for PHP requests on our old sites. I wrote more about this here:

I have had to re-create all the SSL certificate for all our sites. I have gone for using a free cloud flare SSL certificate to secure the connection between our server and cloudflare. Cloudflare then presents it’s own certificate to users:
https://blog.cloudflare.com/universal-ssl-encryption-all-the-way-to-the-origin-for-free/

I’m getting a warning in Firefox that some parts of the site are not secure such as images and if I mouse over the padlock I get a warning that ‘This website does not supply identity information.’.

I’m thinking something’s not right too as I don’t see the green padlock - usually caused by mixed content. I’ll do a little digging!

no padlock for me even though I do see the https://

…in fact it’s the Oem favicon which is being served http and not https, and which is causing the problem (mixed content).
@glyn.hudson the Oem favicon needs moving to the https://community.openenergymonitor.org sub-domain, instead of linking to it from http://guide.openenergymonitor.org/images/favicon-144.png

Paul

I note that I get a similar issue when I view a topic/thread on the old forum as well.

I’m also seeing a browser error that;
https://community.openenergymonitor.org/discourse/components/home-logo
module is missing or not accessible.
(Don’t know if it’s connected, but number of changes were made to the home-logo.js.es6 in discourse’s github repo just 2 days ago)

Paul

…in fact it’s the Oem favicon which is being served http and not https, and which is causing the problem (mixed content).
@glyn.hudson the Oem favicon needs moving to the https://community.openenergymonitor.org sub-domain, instead of linking to it from http://guide.openenergymonitor.org/images/favicon-144.png

Thanks for debugging, should be fixed now. You may need to clear your cache.

What browser are you using? I don’t see any errors in Chrome. Could you post a screen grab?

I’m using Chrome also - in developers mode (F12)

…and in Firefox

Thanks for the info. The header logo error should now be fixed. Thanks to the info on this thread it was due to a recent upgrade to Discourse header which required a change in the way we do the redirect to /latest on the top logo is clicked

1 Like

All looks good now!

Paul

1 Like

Also just managed to fix the mixed content issue on OpenEnergyMonitor.org by adding <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests"> to the Drupal header. This automatically tells the browser to upgrade http content e.g .images requests to https before serving. Thanks Google developers

1 Like

mixed content on the old forum show now also be fixed, see my post above. Please confirm. You may need to clear browser cache.

1 Like

Glyn,

Opera v36.0.2130.65 gives me this error:

and

Chrome v49.0.2623.112 m gives this one:

Interesting…

Universal SSL should work fine with Opera 8 and above, from the Cloud Flare page on Universal SSL

Universal SSL uses Server Name Indication (SNI) certificates using Elliptic Curve Digital Signature Algorithm (ECDSA). SNI and ECDSA certificates work with the following modern browsers:

Desktop Browsers installed on Windows Vista or OS X 10.6 or later:

Internet Explorer 7
Firefox 2
Opera 8 (with TLS 1.1 enabled)
Google Chrome v5.0.342.0
Safari 2.1

Update: just installed Opera and the forum works fine for me on Opera 36.

Do you have any issues with any other SSL sites?

Could you post the output of some SSL testers:

https://www.howsmyssl.com/
https://www.ssllabs.com/ssltest/viewMyClient.html

@Bill.Thomson - can you access my ‘poor excuse for a site’ - https://www.digitalnut.co.uk/
I’m also using Cloudflare, similar as Oem (not full -strict though).

Paul

Thanks for the cross-check, Paul
I get the same results with your site as I do with the new OEM site, i.e no joy with Opera or Chrome.
Firefox works OK.

This check was performed with my home desktop machine. The earlier test was with a laptop at my office.
I’m going to try with another laptop/OS combo.

Update…

Looks like the issue is Win XP. Opera and Chrome work OK with Win 7, Win 10 and Linux.
I know, I know, should have ditched XP, but I don’t like the W7 UI, and like the W10 UI even less.
At least the solution is easy (for me, anyway) - switch to Slackware, Debian, etc. etc.

Paul, thanks again for the help!

with all changes from last hours the ssl link doesn’t seem to be clean anymore