rmrector
Registered User
Registered User
Posts: 4
Joined: Wed Nov 16, 2016 8:24 pm

[Feature request] HTTPS everywhere!

Fri Dec 15, 2017 12:06 am

Can you set up secure HTTPS access to the website, API, and image URLs?

These days, there are any number of middlemen that want to watch or tamper with any and all of our communications, and TLS can protect against some of that.

Let's Encrypt offers free SSL certificates, though they only live for 90 days so you'll need an automated script to keep it updated.

User avatar
zag
Site Admin
Site Admin
Posts: 1199
Joined: Wed Jun 06, 2012 9:19 am
Country: United Kingdom

Re: [Feature request] HTTPS everywhere!

Fri Dec 15, 2017 9:11 am

Yep cloudflare even offers this, I think I need to change some of the site URL's in the database though.

I will take a look as it will help with our google rankings too.

rmrector
Registered User
Registered User
Posts: 4
Joined: Wed Nov 16, 2016 8:24 pm

Re: [Feature request] HTTPS everywhere!

Mon Dec 18, 2017 4:18 am

Great, thanks.

User avatar
zag
Site Admin
Site Admin
Posts: 1199
Joined: Wed Jun 06, 2012 9:19 am
Country: United Kingdom

Re: [Feature request] HTTPS everywhere!

Fri Jul 27, 2018 4:36 pm

Finally managed to sort this out by buying a certificate :)

Went round in circles for a few months trying to get a free one, but we use IIS which is a pain in the arse to configure with those!

Anyway, should be all working, i'll switch over to it fully at some point in the near future but for now both work

https://www.theaudiodb.com

rmrector
Registered User
Registered User
Posts: 4
Joined: Wed Nov 16, 2016 8:24 pm

Re: [Feature request] HTTPS everywhere!

Mon Aug 27, 2018 9:13 pm

Thanks!

Can you disable SSL2 and SSL3, and enable TLS1.1 and TLS1.2? TLS 1.1/1.2 looks like a bit of a process with IIS7, but it seems possible. SSL2 and 3 are just plain insecure these days, and the last notable client that can't do at least TLS1.0 is IE6 on Windows XP.

Artwork Beef isn't able to negotiate the protocol on Android and OSMC, and it looks like this is the same problem as "AudioDb thread starter". I'm hoping that adjusting the server config will resolve this.

SSL labs offers a comprehensive server test.

User avatar
zag
Site Admin
Site Admin
Posts: 1199
Joined: Wed Jun 06, 2012 9:19 am
Country: United Kingdom

Re: [Feature request] HTTPS everywhere!

Mon Aug 27, 2018 11:04 pm

Great! I'd been researching this but was going to wait for the new server with windows 2019... This is a nice stop gap solution in the mean time.

I've actually found a nice app to do it all called "IIS Crypto" (gotta love windows) and it sets all the registry keys automatically.

Test now comes back much better :)

rmrector
Registered User
Registered User
Posts: 4
Joined: Wed Nov 16, 2016 8:24 pm

Re: [Feature request] HTTPS everywhere!

Tue Aug 28, 2018 2:30 am

Very nice, the connection problems I encountered are cleared up.

Thanks for the quick resolution.

User avatar
zag
Site Admin
Site Admin
Posts: 1199
Joined: Wed Jun 06, 2012 9:19 am
Country: United Kingdom

Re: [Feature request] HTTPS everywhere!

Tue Aug 28, 2018 7:30 am

rmrector wrote:Very nice, the connection problems I encountered are cleared up.

Thanks for the quick resolution.


Great, Thank you for the detailed pointer!

GeraldJohnson
Posts: 1
Joined: Wed Sep 19, 2018 9:23 am
Country: United States

Re: [Feature request] HTTPS everywhere!

Wed Sep 19, 2018 9:33 am

Thanks, guys its really knowledgeable discussion.

bLight
Registered User
Registered User
Posts: 39
Joined: Wed Jan 11, 2017 2:42 pm

Re: [Feature request] HTTPS everywhere!

Sun Dec 09, 2018 4:47 pm

Something is broken, when I try to connect to the website using firefox, it's showing me a certificate request dialog, if i select any certificate I already have in the browser it's giving me a 403 error.

If I select cancel on the certificate dialog then the website loads fine.

Return to “General Site Chat”