I got a starfield digital certificate to use https on my mybb forum.
I read on the thread below how to force https for ALL USERS:
http://community.mybb.com/thread-89873-post-945738.html
I've been reading a bit about the subject and it seems that https can take quite a bit of load on the server, and I have around 20000 pageviews a day, and I believe that 80-90% of the access are non-logged users (around 200 different users logged every day).
Another point to take in account is that the links on my site have a lot of "juice" and appear quite high in many many keywords. From what I've read, changing to https, even with 301 redirect ends up loosing a bit of the juice.
Soooo.... I thought in using https to login and all URLs while the user is logged. How can I do that?
At the moment using
https://forum.antinovaordemmundial.com/ doesn't show the style, JS and images properly.
I tried SSL Switcher, but it didnt make any difference
http://mods.mybb.com/view/ssl-switcher
(2012-12-08, 05:16 PM)echofloripa Wrote: [ -> ]...doesn't show the style, JS and images properly
that could be a .htaccess redirect/hotlink issue. Also if CSS and images aren't working, check your template that all users can load it in Templates & Style >> Themes >> your theme > Edit Theme Properties > Allowed User Groups > Select All User Groups > Select Save Theme Properties. If you happen to be using a user group that's not allowed to see that template BUT that template is set to default.. then it would cause CSS and images from the image folder not to load.
the HTTPS for logged in users only I haven't seen for MyBB but not to say there's not a plugin out there that allows that to happen. If you're good with PHP you might be able to use the PATCHES plugin to write your own solution for this.
Hey web, the js are not shown only via https...
Well, I'm not that great with PHP, java maybe
I guess this type of functionality would be a great thing to be included as default in mybb...
thanks
Now I am in the situation that I spent hundreds of dollars for a proper certificate which I can't use in MYBB.
What I really need is a way to use https only for sending the user/passwd and after registering. All the rest should remain the same.
two options;
1) you could export your theme and import it as a new one, then change all the hard links to https in the templates and CSS files.Then create a plugin that will change the board URL to use https and the new theme for logged in users, before anything gets loaded into any templates.
2) create a plugin that hook into pre_output_page and simply does a global replace of your
http://domain.tld to
https://domain.tld for logged in users.
the second one may be easier but if you are not careful in your replacements you can change the protocol for external links or miss an replacement and then your users get the "do you want to load insecure content" messages.
(2013-01-09, 04:46 PM)pavemen Wrote: [ -> ]two options;
2) create a plugin that hook into pre_output_page and simply does a global replace of your http://domain.tld to https://domain.tld for logged in users.
the second one may be easier but if you are not careful in your replacements you can change the protocol for external links or miss an replacement and then your users get the "do you want to load insecure content" messages.
Thanks pavemen, do you know of some plugin I could start with that does this type of hook?
Is there anyone else that would like to help me with that? I'm willing to pay for this. But honestly, I think this should be native of such a great tool that mybb is.
(2012-12-08, 05:16 PM)echofloripa Wrote: [ -> ]I've been reading a bit about the subject and it seems that https can take quite a bit of load on the server
This is mostly a myth.
Quote:In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.
http://www.imperialviolet.org/2010/06/25...g-ssl.html
(2012-12-08, 05:16 PM)echofloripa Wrote: [ -> ]and I have around 20000 pageviews a day
That's basically no traffic. Just put HTTPS on the entire site.
(2012-12-08, 05:16 PM)echofloripa Wrote: [ -> ]Another point to take in account is that the links on my site have a lot of "juice" and appear quite high in many many keywords. From what I've read, changing to https, even with 301 redirect ends up loosing a bit of the juice.
[citation needed]
By the way, you are aware that making your website only partially available on HTTPS is a security weakness, even for logged in users, right?
Hi Yumi, I really appreciate your answer.
My site has 79,64% of traffic coming from google, what will happen once I switch to HTTPS?
From what I have read (havent got the source now sorry), search engines take https as totally different URLs than http. That's my main concern.]
Also another problem in switching everything to https is as many threads have embedded images (without http) it will generate too many warning for visiting users.
I don't think that visitors use http it is a security weakness, the main problem is to not have https on logging credentials, and also to have users writing threads/replies that go in plain text.
I still willing to pay someone that writes a plugin/mod to enable to have https on loggin credentials and for logged users...