Transport Tycoon Forums

The place to talk about Transport Tycoon
It is currently Sat Oct 21, 2017 12:23 pm

All times are UTC




Post new topic  This topic is locked, you cannot edit posts or make further replies.  [ 33 posts ]  Go to page 1 2 Next
Author Message
PostPosted: Mon Jun 06, 2016 9:17 am 
Offline
Administrator
Administrator
User avatar

Joined: Fri Jan 26, 2001 8:18 pm
Posts: 23785
Skype: orudge
Location: Banchory, UK
TT-Forums has been quietly available over SSL for a number of years now, but I've now installed a phpBB extension that'll transparently proxy any non-SSL [img] tags (and avatars and signatures) over HTTPS (via imageproxy.tt-forums.net). However, the majority of you will have accessed the non-secure site by default. Now, while TT-Forums isn't exactly your online banking, there is a general push at the moment to get every site using encryption, so TT-Forums (and related sites, such as TT Wiki and TT-Forums Projects) will now only be available via a secure connection.

Existing links to http://www.tt-forums.net/ will of course still work - you should be redirected automatically.

One problem with trying to run a forum via SSL is that you can use the [img] tag to embed images which may not be secure. You can also link to externally hosted avatars. We do however have a solution for that - all HTTP [img] links will now be transparently proxied via imageproxy.tt-forums.net, a secure site.

Please let me know how you find everything. If anybody notices any problems, please let me know. If you find the site seems significantly slower too, that would also be of interest (it seems pretty much the same to me).

Also, as a minor aside, I've updated the [youtube] BBCode so it's a bit more modern and no longer tries to embed Flash (it instead embeds YouTube itself via an iframe, the recommended method these days).

_________________
Owen Rudge
owenrudge.net | Owen's Transport Tycoon Station | Owen's Locomotion Depot | The Transport Tycoon Wiki


Top
   
 
PostPosted: Mon Jun 06, 2016 9:21 am 
Offline
Tycoon
Tycoon
User avatar

Joined: Wed Aug 04, 2010 3:48 pm
Posts: 7214
Location: Manchester
Very nice, though I have no clue as to what it all means :lol: I'm guessing it now means we've got the same security as my bank?!

With regards to loading speed, I get 1-2 seconds per page which isn't bad when considering I have 2 live Spreadsheets being updated in the background at the same time :D

_________________
POTM August 2012 Joint Winner
My Screenshot Thread

Image


Top
   
 
PostPosted: Mon Jun 06, 2016 9:39 am 
Offline
Administrator
Administrator
User avatar

Joined: Fri Jan 26, 2001 8:18 pm
Posts: 23785
Skype: orudge
Location: Banchory, UK
Pilot wrote:
Very nice, though I have no clue as to what it all means :lol: I'm guessing it now means we've got the same security as my bank?!

It basically means that third parties shouldn't be able to intercept your communications with the server (e.g., your password when logging in). Obviously anything you post will still be public.

_________________
Owen Rudge
owenrudge.net | Owen's Transport Tycoon Station | Owen's Locomotion Depot | The Transport Tycoon Wiki


Top
   
 
PostPosted: Mon Jun 06, 2016 1:16 pm 
Offline
Moderator
Moderator
User avatar

Joined: Sat Dec 18, 2004 5:35 pm
Posts: 14821
Location: Stockholm, Sweden
It seems this broke my signature! :o I edited the image link to https:// and it is all fine now :)

_________________
Image
OpenTTD Scenarios:
Archipiélago Hermoso
(Latest Release: Version 3.2)
Turnpike Falls (Latest Release: Version 0.91) 2016-06-23


Top
   
 
PostPosted: Mon Jun 06, 2016 1:47 pm 
Offline
Administrator
Administrator
User avatar

Joined: Fri Jan 26, 2001 8:18 pm
Posts: 23785
Skype: orudge
Location: Banchory, UK
Hm, did it? Any old http:// TT-Forums links should be redirected automatically to https://. You got it fixed at least though. :)

EDIT: Ah, the proxy had failed (or I'd forgotten to restart it), which may have been related...

_________________
Owen Rudge
owenrudge.net | Owen's Transport Tycoon Station | Owen's Locomotion Depot | The Transport Tycoon Wiki


Top
   
 
PostPosted: Mon Jun 06, 2016 2:33 pm 
Offline
Tycoon
Tycoon
User avatar

Joined: Sat Jan 22, 2005 7:31 pm
Posts: 6047
Location: Wakefield, West Yorkshire
Not sure if intended behaviour or not, but I do occasionally receive this warning on some threads (this one is Chrills screenshot thread)

Image

edit: also seems to entirely break my signature image :(

_________________
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!


Top
   
 
PostPosted: Mon Jun 06, 2016 2:38 pm 
Offline
Administrator
Administrator
User avatar

Joined: Fri Jan 26, 2001 8:18 pm
Posts: 23785
Skype: orudge
Location: Banchory, UK
Redirect Left wrote:
Not sure if intended behaviour or not, but I do occasionally receive this warning on some threads (this one is Chrills screenshot thread)

Hm, that's TinyMusic's avatar - looks like my plug-in isn't filtering avatars as I thought. Will need to look into that.

Redirect Left wrote:
edit: also seems to entirely break my signature image :(

Curious, I wonder if it's because it's ending in .php instead of .png. Will look into it too.

_________________
Owen Rudge
owenrudge.net | Owen's Transport Tycoon Station | Owen's Locomotion Depot | The Transport Tycoon Wiki


Top
   
 
PostPosted: Mon Jun 06, 2016 2:51 pm 
Offline
Tycoon
Tycoon
User avatar

Joined: Sat Jan 22, 2005 7:31 pm
Posts: 6047
Location: Wakefield, West Yorkshire
orudge wrote:
Curious, I wonder if it's because it's ending in .php instead of .png. Will look into it too.

I suspect that. I've had issues on other sites where dynamically generated PHP images aren't taken kindly by software.

_________________
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!


Top
   
 
PostPosted: Mon Jun 06, 2016 3:01 pm 
Offline
Administrator
Administrator
User avatar

Joined: Fri Jan 26, 2001 8:18 pm
Posts: 23785
Skype: orudge
Location: Banchory, UK
Oddly, it seems to be some sort of weird problem with lighttpd I think (imageproxy.tt-forums.net forwards to an internal Camo server which performs the actual image retrieval, etc). If I access the Camo server directly over HTTP it's fine; if I download the image to the server and access it over HTTPS it's fine too - it just seems to be the proxied version that's misbehaving. It's adding an extra 20 bytes of data, including some newlines and so on. I wonder if it's interpreting it as HTML or something and messing it up. I've no idea why, and can't see anything in the configuration that might be causing that.

At some point I may switch to nginx, lighttpd has always worked pretty well though.

A bit of a faff for you, but you could consider getting a free SSL certificate and encrypting your site too. :)

_________________
Owen Rudge
owenrudge.net | Owen's Transport Tycoon Station | Owen's Locomotion Depot | The Transport Tycoon Wiki


Top
   
 
PostPosted: Mon Jun 06, 2016 3:11 pm 
Offline
Moderator
Moderator
User avatar

Joined: Sat Dec 18, 2004 5:35 pm
Posts: 14821
Location: Stockholm, Sweden
Try changing your image to https:// if it is hosted on the forums, Adam. That's what I had to do, my signature image is uploaded in my screenshot topic.

_________________
Image
OpenTTD Scenarios:
Archipiélago Hermoso
(Latest Release: Version 3.2)
Turnpike Falls (Latest Release: Version 0.91) 2016-06-23


Top
   
 
PostPosted: Mon Jun 06, 2016 3:21 pm 
Offline
Administrator
Administrator
User avatar

Joined: Fri Jan 26, 2001 8:18 pm
Posts: 23785
Skype: orudge
Location: Banchory, UK
orudge wrote:
Hm, that's TinyMusic's avatar - looks like my plug-in isn't filtering avatars as I thought. Will need to look into that.

This one should be fixed now.

_________________
Owen Rudge
owenrudge.net | Owen's Transport Tycoon Station | Owen's Locomotion Depot | The Transport Tycoon Wiki


Top
   
 
PostPosted: Mon Jun 06, 2016 4:38 pm 
Offline
Tycoon
Tycoon
User avatar

Joined: Sat Jan 22, 2005 7:31 pm
Posts: 6047
Location: Wakefield, West Yorkshire
Chrill wrote:
Try changing your image to https:// if it is hosted on the forums, Adam. That's what I had to do, my signature image is uploaded in my screenshot topic.

Nah, it's hosted on my dedicated server here - which has frankly never even seen SSL :p
I tend to keep these things on my own dedis, as it directly communicates with my phones. Then it's entirely my own fault if it gets compromised, can't blame anyone else

_________________
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!


Top
   
 
PostPosted: Tue Jun 07, 2016 12:29 am 
Offline
Tycoon
Tycoon
User avatar

Joined: Thu Mar 19, 2009 7:25 pm
Posts: 2516
Location: Kent
Owen, do you have any control over pikka wiki on the users ttforums pages? Any idea why the error 500 problem is ongoing?

_________________
Image


Top
   
 
PostPosted: Tue Jun 07, 2016 8:21 am 
Offline
Administrator
Administrator
User avatar

Joined: Fri Jan 26, 2001 8:18 pm
Posts: 23785
Skype: orudge
Location: Banchory, UK
Oops, that was my own fault it seems - Pikka's wiki was being hammered by bots recently and they were causing significant slowness on the server, so I attempted to block some, but apparently I made a syntax error when doing so and didn't check it properly. (Load went down so I thought it had been fixed, which was kind of true...) Now fixed!

_________________
Owen Rudge
owenrudge.net | Owen's Transport Tycoon Station | Owen's Locomotion Depot | The Transport Tycoon Wiki


Top
   
 
PostPosted: Fri Jun 10, 2016 12:53 pm 
Offline
Tycoon
Tycoon
User avatar

Joined: Sat Jan 22, 2005 7:31 pm
Posts: 6047
Location: Wakefield, West Yorkshire
This has made the site unavailable on some networks. Including wifi at some public locations,some public transport, and O2s 4G network frequently throws up errors.

In public transport, I have verified I am connected to the actual proper source and not someone's phone imitating it.

Edit: just occurred on the EDGE network too.


Attachments:
Screenshot_20160610-134647.png [142.93 KiB]
Not downloaded yet
Screenshot_20160610-134945.png [121.87 KiB]
Not downloaded yet

_________________
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!
Top
   
 
PostPosted: Fri Jun 10, 2016 4:56 pm 
Offline
OpenTTD Developer
OpenTTD Developer

Joined: Thu Feb 09, 2006 7:15 pm
Posts: 3815
Those providers often have a "feature" of performing a massive man-in-the-middle "attack" to "reduce" the size of images. Actually they rewrite every HTML page they come across and change the URIs of images so they can provide their own smaller (in size) version of it.

This "feature" is incredibly annoying when you specifically said to your browser to not load certain (large) images of a website, because with the HTML rewriting your image block does not work anymore and voila... you have to download way more than you should have downloaded when they did not perform that size "reduction".


Top
   
 
PostPosted: Fri Jun 10, 2016 5:00 pm 
Offline
Tycoon
Tycoon
User avatar

Joined: Sat Jan 22, 2005 7:31 pm
Posts: 6047
Location: Wakefield, West Yorkshire
Rubidium wrote:
Those providers often have a "feature" of performing a massive man-in-the-middle "attack" to "reduce" the size of images. Actually they rewrite every HTML page they come across and change the URIs of images so they can provide their own smaller (in size) version of it.

This "feature" is incredibly annoying when you specifically said to your browser to not load certain (large) images of a website, because with the HTML rewriting your image block does not work anymore and voila... you have to download way more than you should have downloaded when they did not perform that size "reduction".

If you are referring to Chromes feature where it downloads things to a remote server then resends a smaller version, i've tried without that and it still errors. It also works fine on other HTTPS sites (I tried google, as its the only HTTPS forced site I know off hand)

_________________
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!


Top
   
 
PostPosted: Fri Jun 10, 2016 5:17 pm 
Offline
OpenTTD Developer
OpenTTD Developer

Joined: Thu Feb 09, 2006 7:15 pm
Posts: 3815
No, I am not. I am refering to things like BoostEdge, and then especially the second paragraph of the second question on http://www.boostedge.com/faq/optimization.html:
Quote:
However, BoostEdge could act as a "man in the middle" and spoofis the server. But the browser would pop an alert window telling the users that some device is decrypting your data.


Top
   
 
PostPosted: Fri Jun 10, 2016 6:30 pm 
Offline
Tycoon
Tycoon
User avatar

Joined: Sat Jan 22, 2005 7:31 pm
Posts: 6047
Location: Wakefield, West Yorkshire
Hmm. Seems like that'd be something global, not something that'd pick and choose what it wants to turn on with and affect it all.

_________________
Image
Worst Behaved IRC Member of 2008, 2009 & 2010 - Go Me!


Top
   
 
PostPosted: Fri Jun 10, 2016 8:24 pm 
Offline
Administrator
Administrator
User avatar

Joined: Fri Jan 26, 2001 8:18 pm
Posts: 23785
Skype: orudge
Location: Banchory, UK
Are you able to view the certificate details in your browser? I'd be interested to know what certification authority it thinks it is using.

_________________
Owen Rudge
owenrudge.net | Owen's Transport Tycoon Station | Owen's Locomotion Depot | The Transport Tycoon Wiki


Top
   
 
Display posts from previous:  Sort by  
Post new topic  This topic is locked, you cannot edit posts or make further replies.  [ 33 posts ]  Go to page 1 2 Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000-2017 phpBB Limited

Copyright © Owen Rudge/The Transport Tycoon Forums 2001-2017.
Hosted by Zernebok Hosting.