TT-Forums now only available over SSL

The latest news about the forums and the Transport Tycoon world is posted here.
Please also read the rules here before posting elsewhere in the forum.
User avatar
orudge
Administrator
Administrator
Posts: 24026
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK
Contact:

TT-Forums now only available over SSL

Post by orudge » 06 Jun 2016 09:17

TT-Forums has been quietly available over SSL for a number of years now, but I've now installed a phpBB extension that'll transparently proxy any non-SSL [img] tags (and avatars and signatures) over HTTPS (via imageproxy.tt-forums.net). However, the majority of you will have accessed the non-secure site by default. Now, while TT-Forums isn't exactly your online banking, there is a general push at the moment to get every site using encryption, so TT-Forums (and related sites, such as TT Wiki and TT-Forums Projects) will now only be available via a secure connection.

Existing links to http://www.tt-forums.net/ will of course still work - you should be redirected automatically.

One problem with trying to run a forum via SSL is that you can use the [img] tag to embed images which may not be secure. You can also link to externally hosted avatars. We do however have a solution for that - all HTTP [img] links will now be transparently proxied via imageproxy.tt-forums.net, a secure site.

Please let me know how you find everything. If anybody notices any problems, please let me know. If you find the site seems significantly slower too, that would also be of interest (it seems pretty much the same to me).

Also, as a minor aside, I've updated the [youtube] BBCode so it's a bit more modern and no longer tries to embed Flash (it instead embeds YouTube itself via an iframe, the recommended method these days).

User avatar
Pilot
General Forums Moderator
General Forums Moderator
Posts: 7516
Joined: 04 Aug 2010 15:48
Location: Manchester

Re: TT-Forums now only available over SSL

Post by Pilot » 06 Jun 2016 09:21

Very nice, though I have no clue as to what it all means :lol: I'm guessing it now means we've got the same security as my bank?!

With regards to loading speed, I get 1-2 seconds per page which isn't bad when considering I have 2 live Spreadsheets being updated in the background at the same time :D

User avatar
orudge
Administrator
Administrator
Posts: 24026
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK
Contact:

Re: TT-Forums now only available over SSL

Post by orudge » 06 Jun 2016 09:39

Pilot wrote:Very nice, though I have no clue as to what it all means :lol: I'm guessing it now means we've got the same security as my bank?!
It basically means that third parties shouldn't be able to intercept your communications with the server (e.g., your password when logging in). Obviously anything you post will still be public.

User avatar
Chrill
Moderator
Moderator
Posts: 15283
Joined: 18 Dec 2004 17:35
Location: Stockholm, Sweden
Contact:

Re: TT-Forums now only available over SSL

Post by Chrill » 06 Jun 2016 13:16

It seems this broke my signature! :o I edited the image link to https:// and it is all fine now :)
Image
Newest screenshots published January 9, 2019
Chrill's scenarios:
Archipiélago Hermoso
(Latest Release: Version 3.2)
Turnpike Falls (Latest Release: Version 0.91)

User avatar
orudge
Administrator
Administrator
Posts: 24026
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK
Contact:

Re: TT-Forums now only available over SSL

Post by orudge » 06 Jun 2016 13:47

Hm, did it? Any old http:// TT-Forums links should be redirected automatically to https://. You got it fixed at least though. :)

EDIT: Ah, the proxy had failed (or I'd forgotten to restart it), which may have been related...

User avatar
Redirect Left
Tycoon
Tycoon
Posts: 6578
Joined: 22 Jan 2005 19:31
Location: Wakefield, West Yorkshire

Re: TT-Forums now only available over SSL

Post by Redirect Left » 06 Jun 2016 14:33

Not sure if intended behaviour or not, but I do occasionally receive this warning on some threads (this one is Chrills screenshot thread)

Image

edit: also seems to entirely break my signature image :(
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!

User avatar
orudge
Administrator
Administrator
Posts: 24026
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK
Contact:

Re: TT-Forums now only available over SSL

Post by orudge » 06 Jun 2016 14:38

Redirect Left wrote:Not sure if intended behaviour or not, but I do occasionally receive this warning on some threads (this one is Chrills screenshot thread)
Hm, that's TinyMusic's avatar - looks like my plug-in isn't filtering avatars as I thought. Will need to look into that.
Redirect Left wrote:edit: also seems to entirely break my signature image :(
Curious, I wonder if it's because it's ending in .php instead of .png. Will look into it too.

User avatar
Redirect Left
Tycoon
Tycoon
Posts: 6578
Joined: 22 Jan 2005 19:31
Location: Wakefield, West Yorkshire

Re: TT-Forums now only available over SSL

Post by Redirect Left » 06 Jun 2016 14:51

orudge wrote: Curious, I wonder if it's because it's ending in .php instead of .png. Will look into it too.
I suspect that. I've had issues on other sites where dynamically generated PHP images aren't taken kindly by software.
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!

User avatar
orudge
Administrator
Administrator
Posts: 24026
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK
Contact:

Re: TT-Forums now only available over SSL

Post by orudge » 06 Jun 2016 15:01

Oddly, it seems to be some sort of weird problem with lighttpd I think (imageproxy.tt-forums.net forwards to an internal Camo server which performs the actual image retrieval, etc). If I access the Camo server directly over HTTP it's fine; if I download the image to the server and access it over HTTPS it's fine too - it just seems to be the proxied version that's misbehaving. It's adding an extra 20 bytes of data, including some newlines and so on. I wonder if it's interpreting it as HTML or something and messing it up. I've no idea why, and can't see anything in the configuration that might be causing that.

At some point I may switch to nginx, lighttpd has always worked pretty well though.

A bit of a faff for you, but you could consider getting a free SSL certificate and encrypting your site too. :)

User avatar
Chrill
Moderator
Moderator
Posts: 15283
Joined: 18 Dec 2004 17:35
Location: Stockholm, Sweden
Contact:

Re: TT-Forums now only available over SSL

Post by Chrill » 06 Jun 2016 15:11

Try changing your image to https:// if it is hosted on the forums, Adam. That's what I had to do, my signature image is uploaded in my screenshot topic.
Image
Newest screenshots published January 9, 2019
Chrill's scenarios:
Archipiélago Hermoso
(Latest Release: Version 3.2)
Turnpike Falls (Latest Release: Version 0.91)

User avatar
orudge
Administrator
Administrator
Posts: 24026
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK
Contact:

Re: TT-Forums now only available over SSL

Post by orudge » 06 Jun 2016 15:21

orudge wrote:Hm, that's TinyMusic's avatar - looks like my plug-in isn't filtering avatars as I thought. Will need to look into that.
This one should be fixed now.

User avatar
Redirect Left
Tycoon
Tycoon
Posts: 6578
Joined: 22 Jan 2005 19:31
Location: Wakefield, West Yorkshire

Re: TT-Forums now only available over SSL

Post by Redirect Left » 06 Jun 2016 16:38

Chrill wrote:Try changing your image to https:// if it is hosted on the forums, Adam. That's what I had to do, my signature image is uploaded in my screenshot topic.
Nah, it's hosted on my dedicated server here - which has frankly never even seen SSL :p
I tend to keep these things on my own dedis, as it directly communicates with my phones. Then it's entirely my own fault if it gets compromised, can't blame anyone else
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!

User avatar
Leanden
Tycoon
Tycoon
Posts: 2621
Joined: 19 Mar 2009 19:25
Location: Kent

Re: TT-Forums now only available over SSL

Post by Leanden » 07 Jun 2016 00:29

Owen, do you have any control over pikka wiki on the users ttforums pages? Any idea why the error 500 problem is ongoing?
Image

User avatar
orudge
Administrator
Administrator
Posts: 24026
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK
Contact:

Re: TT-Forums now only available over SSL

Post by orudge » 07 Jun 2016 08:21

Oops, that was my own fault it seems - Pikka's wiki was being hammered by bots recently and they were causing significant slowness on the server, so I attempted to block some, but apparently I made a syntax error when doing so and didn't check it properly. (Load went down so I thought it had been fixed, which was kind of true...) Now fixed!

User avatar
Redirect Left
Tycoon
Tycoon
Posts: 6578
Joined: 22 Jan 2005 19:31
Location: Wakefield, West Yorkshire

Re: TT-Forums now only available over SSL

Post by Redirect Left » 10 Jun 2016 12:53

This has made the site unavailable on some networks. Including wifi at some public locations,some public transport, and O2s 4G network frequently throws up errors.

In public transport, I have verified I am connected to the actual proper source and not someone's phone imitating it.

Edit: just occurred on the EDGE network too.
Attachments
Screenshot_20160610-134647.png
(142.93 KiB) Not downloaded yet
Screenshot_20160610-134945.png
(121.87 KiB) Not downloaded yet
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!

Rubidium
OpenTTD Developer
OpenTTD Developer
Posts: 3815
Joined: 09 Feb 2006 19:15

Re: TT-Forums now only available over SSL

Post by Rubidium » 10 Jun 2016 16:56

Those providers often have a "feature" of performing a massive man-in-the-middle "attack" to "reduce" the size of images. Actually they rewrite every HTML page they come across and change the URIs of images so they can provide their own smaller (in size) version of it.

This "feature" is incredibly annoying when you specifically said to your browser to not load certain (large) images of a website, because with the HTML rewriting your image block does not work anymore and voila... you have to download way more than you should have downloaded when they did not perform that size "reduction".

User avatar
Redirect Left
Tycoon
Tycoon
Posts: 6578
Joined: 22 Jan 2005 19:31
Location: Wakefield, West Yorkshire

Re: TT-Forums now only available over SSL

Post by Redirect Left » 10 Jun 2016 17:00

Rubidium wrote:Those providers often have a "feature" of performing a massive man-in-the-middle "attack" to "reduce" the size of images. Actually they rewrite every HTML page they come across and change the URIs of images so they can provide their own smaller (in size) version of it.

This "feature" is incredibly annoying when you specifically said to your browser to not load certain (large) images of a website, because with the HTML rewriting your image block does not work anymore and voila... you have to download way more than you should have downloaded when they did not perform that size "reduction".
If you are referring to Chromes feature where it downloads things to a remote server then resends a smaller version, i've tried without that and it still errors. It also works fine on other HTTPS sites (I tried google, as its the only HTTPS forced site I know off hand)
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!

Rubidium
OpenTTD Developer
OpenTTD Developer
Posts: 3815
Joined: 09 Feb 2006 19:15

Re: TT-Forums now only available over SSL

Post by Rubidium » 10 Jun 2016 17:17

No, I am not. I am refering to things like BoostEdge, and then especially the second paragraph of the second question on http://www.boostedge.com/faq/optimization.html:
However, BoostEdge could act as a "man in the middle" and spoofis the server. But the browser would pop an alert window telling the users that some device is decrypting your data.

User avatar
Redirect Left
Tycoon
Tycoon
Posts: 6578
Joined: 22 Jan 2005 19:31
Location: Wakefield, West Yorkshire

Re: TT-Forums now only available over SSL

Post by Redirect Left » 10 Jun 2016 18:30

Hmm. Seems like that'd be something global, not something that'd pick and choose what it wants to turn on with and affect it all.
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!

User avatar
orudge
Administrator
Administrator
Posts: 24026
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK
Contact:

Re: TT-Forums now only available over SSL

Post by orudge » 10 Jun 2016 20:24

Are you able to view the certificate details in your browser? I'd be interested to know what certification authority it thinks it is using.

Locked

Return to “News”

Who is online

Users browsing this forum: No registered users and 1 guest