• HTTPS

    From dragon@VERT/IPTIA to Digital Man on Friday, October 25, 2019 18:20:07
    Also, how do I redirect HTTP users to HTTPS. I know how to do all of these things with Apache and IIS.

    ---
    Synchronet IPTIA - bbs2.ipingthereforeiam.com
  • From Digital Man@VERT to dragon on Friday, October 25, 2019 16:56:47
    Re: HTTPS
    By: dragon to Digital Man on Fri Oct 25 2019 06:20 pm

    Also, how do I redirect HTTP users to HTTPS. I know how to do all of these things with Apache and IIS.

    You need to create a webctrl.ini file, the documentation for which is here: http://wiki.synchro.net/server:web

    I don't think there's a clear URL rewrite example there, but if you figure it out, it'd be nice if you could add a good example to the wiki page.

    digital man

    Synchronet "Real Fact" #66:
    Synchronet was conceived of and mostly developed in southern California.
    Norco, CA WX: 92.6F, 10.0% humidity, 3 mph SE wind, 0.00 inches rain/24hrs

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From dragon@VERT/IPTIA to Digital Man on Saturday, October 26, 2019 18:47:13
    The wiki is clear as mud and I got absolutely nowhere with that.

    So, I tried to follow the wiki entry for installing a Let'sEncrypt cert with similar results.

    NOW, no matter what I do, whenever I try to load my webv4 page via HTTPS, I get a hung fTelnet window and the Control Panel reports "1248 TLS ERROR 'Received TLS Alert: Bad certificate' (-1) popping data"

    This is more than a little frustrating.

    Is there an experienced sysop here willing to help a doofus out?

    I want to protect my web interface with HTTPS and force users to use it over plain HTTP. Is that a lot to ask? It IS considered "best practice" for web interfaces these days.

    ---
    Synchronet IPTIA - bbs2.ipingthereforeiam.com
  • From Digital Man@VERT to dragon on Saturday, October 26, 2019 16:44:09
    Re: HTTPS
    By: dragon to Digital Man on Sat Oct 26 2019 06:47 pm

    The wiki is clear as mud and I got absolutely nowhere with that.

    So, I tried to follow the wiki entry for installing a Let'sEncrypt cert with similar results.

    NOW, no matter what I do, whenever I try to load my webv4 page via HTTPS, I get a hung fTelnet window and the Control Panel reports "1248 TLS ERROR 'Received TLS Alert: Bad certificate' (-1) popping data"

    This is more than a little frustrating.

    It sounds like you're changing the subject from http-redirect-to-https now to a LetSyncrypt issue.

    Is there an experienced sysop here willing to help a doofus out?

    Here and likely in #synchronet on irc.synchro.net

    I want to protect my web interface with HTTPS and force users to use it over plain HTTP. Is that a lot to ask?

    It shouldn't be.

    It IS considered "best practice" for web interfaces these days.

    Sure, but I don't really see any reason to *force* the user to use https over http. Especially if you allow Telnet logins, they're certainly less secure than http-auth.


    digital man

    Synchronet "Real Fact" #43:
    Synchronet added Baja/PCMS support with v2.00a (1994).
    Norco, CA WX: 85.1F, 15.0% humidity, 8 mph E wind, 0.00 inches rain/24hrs

    ---
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net
  • From Glenn Rossi@VERT to Digital Man on Saturday, October 26, 2019 20:10:15
    I removed all of the LetsEncrypt stuff I tried and restored a backup. I'm currently mainly concerned about the TLS error and the inability to use HTTPS at all to access fTelnet, so HTTPS is still a good subject.

    As for forcing HTTPS and telnet being inherently unsecure, that's kind of the point of what I'm trying to do. I want to limit access to my board to SSH and HTTPs, disabling HTTP, telnet, rlogin, etc. I might even go with HTTPS only. --- SBBSecho 3.10-Win32
    * Origin: IPTIA BBS 1:275/301 bbs2.ipingthereforeiam.com (1:275/301)
    Synchronet Vertrauen Home of Synchronet [vert/cvs/bbs].synchro.net