2016-11-01, 04:46 AM
2016-11-01, 04:46 AM
2016-11-08, 09:04 PM
it's good, if you first plug it back copyright MyBB on your website that you remove
[attachment=37765]
[attachment=37766]
[attachment=37765]
[attachment=37766]
2016-11-08, 09:58 PM
(2016-11-08, 09:04 PM)terzier Wrote: [ -> ]it's good, if you first plug it back copyright MyBB on your website that you remove
ok
2016-11-11, 03:59 AM
You're missing a LOT of things that are necessary to deploy HTTPS properly. I'm working on a comprehensive guide that I'll be releasing to the MyBB Documentation site soon, but for now, here's the most important bit IMO:
Remember: an HTTP->HTTPS redirect is inherently insecure and does relatively little to secure your users. You should also send an HSTS header over HTTPS with:
This will make browsers remember to only connect over HTTPS _before_ any data is sent.
Start the max-age at something low like 86400 (1 day) before you've confirmed that things are 100% ready. Then work your way up to the 1-year value in the snippet. This is the most critical next step.
Remember: an HTTP->HTTPS redirect is inherently insecure and does relatively little to secure your users. You should also send an HSTS header over HTTPS with:
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
This will make browsers remember to only connect over HTTPS _before_ any data is sent.
Start the max-age at something low like 86400 (1 day) before you've confirmed that things are 100% ready. Then work your way up to the 1-year value in the snippet. This is the most critical next step.
2016-11-25, 11:01 PM
Removing copyright is a terrible idea to do. All you have to do is add it back and <br /> with your own trademark with it.
2016-12-04, 02:38 PM
nginx Config with Login Hijacking with https let*s encroyted
you need an full root access not an virtual root and a free oder enhance Account on no-ip
after install HTTP*s you can not visit this Site btw Forum with http://your-domain.excluded
after install only with https://your-domain.excluded
_______________________________
Hostname Information
Hostname: YOUR DOMAIN
Host Type: DNS Host
IP Address: of this ROOT
Assign to Group: nothing
Enable Wildcard: make this X inside
___________________________________
1) aptitude install git
2) git clone https://github.com/letsencrypt/letsencrypt
3) cd letsencrypt
4) nginx stop
5) ./letsencrypt-auto certonly --webroot -w /PATH/DO/DIR/OF/FORUM -d DOMAIN DNS A RECORD
5a) cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.stable.old
6) nano /etc/nginx/sites-available/default
http://pastebin.com/H9J3iJtr
6a ) cd /etc/nginx/ && dhparam -out dhparams.pem 2048 (you can make 4096bit BUT this need many TIme )
7) /etc/init.d/nginx configtest
-->
[ ok ] Testing nginx configuration:.
8) /etc/init.d/ngingx restart
you need an full root access not an virtual root and a free oder enhance Account on no-ip
after install HTTP*s you can not visit this Site btw Forum with http://your-domain.excluded
after install only with https://your-domain.excluded
_______________________________
Hostname Information
Hostname: YOUR DOMAIN
Host Type: DNS Host
IP Address: of this ROOT
Assign to Group: nothing
Enable Wildcard: make this X inside
___________________________________
1) aptitude install git
2) git clone https://github.com/letsencrypt/letsencrypt
3) cd letsencrypt
4) nginx stop
5) ./letsencrypt-auto certonly --webroot -w /PATH/DO/DIR/OF/FORUM -d DOMAIN DNS A RECORD
5a) cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.stable.old
6) nano /etc/nginx/sites-available/default
http://pastebin.com/H9J3iJtr
6a ) cd /etc/nginx/ && dhparam -out dhparams.pem 2048 (you can make 4096bit BUT this need many TIme )
7) /etc/init.d/nginx configtest
-->
[ ok ] Testing nginx configuration:.
8) /etc/init.d/ngingx restart
2017-10-25, 04:41 AM
Awesome
2017-10-25, 10:11 AM
Better to use DVZ secure plugin