TT-Forums now only available over SSL

orudge
Administrator
Posts: 25134
Joined: 26 Jan 2001 20:18
Skype: orudge
Location: Banchory, UK

Post by orudge »

TT-Forums has been quietly available over SSL for a number of years now, but I've now installed a phpBB extension that'll transparently proxy any non-SSL [img] tags (and avatars and signatures) over HTTPS (via imageproxy.tt-forums.net). However, the majority of you will have accessed the non-secure site by default. Now, while TT-Forums isn't exactly your online banking, there is a general push at the moment to get every site using encryption, so TT-Forums (and related sites, such as TT Wiki and TT-Forums Projects) will now only be available via a secure connection.

Existing links to http://www.tt-forums.net/ will of course still work - you should be redirected automatically.

One problem with trying to run a forum via SSL is that you can use the [img] tag to embed images which may not be secure. You can also link to externally hosted avatars. We do however have a solution for that - all HTTP [img] links will now be transparently proxied via imageproxy.tt-forums.net, a secure site.

Please let me know how you find everything. If anybody notices any problems, please let me know. If you find the site seems significantly slower too, that would also be of interest (it seems pretty much the same to me).

Also, as a minor aside, I've updated the [youtube] BBCode so it's a bit more modern and no longer tries to embed Flash (it instead embeds YouTube itself via an iframe, the recommended method these days).
Pilot
General Forums Moderator
Posts: 7629
Joined: 04 Aug 2010 15:48

Post by Pilot »

Very nice, though I have no clue as to what it all means :lol: I'm guessing it now means we've got the same security as my bank?!

With regards to loading speed, I get 1-2 seconds per page which isn't bad when considering I have 2 live Spreadsheets being updated in the background at the same time :D

Post by orudge »

Pilot wrote:Very nice, though I have no clue as to what it all means :lol: I'm guessing it now means we've got the same security as my bank?!
It basically means that third parties shouldn't be able to intercept your communications with the server (e.g., your password when logging in). Obviously anything you post will still be public.
Chrill
Moderator
Posts: 15974
Joined: 18 Dec 2004 17:35
Location: Stockholm, Sweden

Post by Chrill »

It seems this broke my signature! :o I edited the image link to https:// and it is all fine now :)
My Scenarios:
Archipiélago Hermoso (Latest Release: Version 3.2)
Turnpike Falls (Latest Release: Version 0.91)

Post by orudge »

Hm, did it? Any old http:// TT-Forums links should be redirected automatically to https://. You got it fixed at least though. :)

EDIT: Ah, the proxy had failed (or I'd forgotten to restart it), which may have been related...
Redirect Left
Tycoon
Posts: 7239
Joined: 22 Jan 2005 19:31
Location: Wakefield, West Yorkshire

Post by Redirect Left »

Not sure if intended behaviour or not, but I do occasionally receive this warning on some threads (this one is Chrill's screenshot thread)

Image

edit: also seems to entirely break my signature image :(
Need some good tested AI? - Unofficial AI Tester, list of good stuff & thread is here.

Post by orudge »

Redirect Left wrote: Not sure if intended behaviour or not, but I do occasionally receive this warning on some threads (this one is Chrill's screenshot thread)
Hm, that's TinyMusic's avatar - looks like my plug-in isn't filtering avatars as I thought. Will need to look into that.
Redirect Left wrote:edit: also seems to entirely break my signature image :(
Curious, I wonder if it's because it's ending in .php instead of .png. Will look into it too.

Post by Redirect Left »

orudge wrote: Curious, I wonder if it's because it's ending in .php instead of .png. Will look into it too.
I suspect that. I've had issues on other sites where dynamically generated PHP images aren't taken kindly by software.

Post by orudge »

Oddly, it seems to be some sort of weird problem with lighttpd I think (imageproxy.tt-forums.net forwards to an internal Camo server which performs the actual image retrieval, etc). If I access the Camo server directly over HTTP it's fine; if I download the image to the server and access it over HTTPS it's fine too - it just seems to be the proxied version that's misbehaving. It's adding an extra 20 bytes of data, including some newlines and so on. I wonder if it's interpreting it as HTML or something and messing it up. I've no idea why, and can't see anything in the configuration that might be causing that.

At some point I may switch to nginx, lighttpd has always worked pretty well though.

A bit of a faff for you, but you could consider getting a free SSL certificate and encrypting your site too. :)
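
The image-proxy arrangement described in this thread (HTTP [img] links rewritten to imageproxy.tt-forums.net, which forwards to a Camo server), sketched as an added example that is not part of any post or the forum's own extension code. It follows Camo's documented URL scheme (HMAC-SHA1 digest plus hex-encoded image URL); the shared key, the sample post and the function names are constructed for illustration.

```python
import hashlib
import hmac
import re

PROXY_BASE = "https://imageproxy.tt-forums.net"  # proxy host named in the thread
SHARED_KEY = b"constructed-demo-key"             # placeholder; the real key is secret

IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def sign(url, key=SHARED_KEY):
    """HMAC-SHA1 hex digest of the image URL, as in Camo's URL scheme."""
    return hmac.new(key, url.encode("utf-8"), hashlib.sha1).hexdigest()


def proxied_url(url, key=SHARED_KEY):
    """Build <base>/<digest>/<hex-encoded url>."""
    return f"{PROXY_BASE}/{sign(url, key)}/{url.encode('utf-8').hex()}"


def rewrite_post(bbcode, key=SHARED_KEY):
    """Rewrite plain-HTTP [img] targets; leave HTTPS ones untouched."""
    def repl(match):
        url = match.group(1).strip()
        if url.lower().startswith("http://"):
            url = proxied_url(url, key)
        return f"[img]{url}[/img]"
    return IMG_TAG.sub(repl, bbcode)


def verify_request(path, key=SHARED_KEY):
    """Proxy side: return the original URL if the digest is valid, else None."""
    parts = path.strip("/").split("/")
    if len(parts) != 2:
        return None
    digest, hex_url = parts
    try:
        url = bytes.fromhex(hex_url).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    # Constant-time comparison. Without the signature check the proxy
    # would fetch any URL a visitor hands it.
    if not hmac.compare_digest(digest.encode(), sign(url, key).encode()):
        return None
    return url


# Constructed sample post: one insecure image, one already on HTTPS.
SAMPLE = ("[img]http://example.org/sig.php[/img] "
          "[img]https://example.org/ok.png[/img]")
```

Because the digest covers the full image URL, only links the forum itself generated are accepted by the proxy; the HTTPS image in the sample is passed through unchanged.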

Post by Chrill »

Try changing your image to https:// if it is hosted on the forums, Adam. That's what I had to do, my signature image is uploaded in my screenshot topic.

Post by orudge »

orudge wrote:Hm, that's TinyMusic's avatar - looks like my plug-in isn't filtering avatars as I thought. Will need to look into that.
This one should be fixed now.

Post by Redirect Left »

Chrill wrote:Try changing your image to https:// if it is hosted on the forums, Adam. That's what I had to do, my signature image is uploaded in my screenshot topic.
Nah, it's hosted on my dedicated server here - which has frankly never even seen SSL :p
I tend to keep these things on my own dedis, as it directly communicates with my phones. Then it's entirely my own fault if it gets compromised, can't blame anyone else
Leanden
Tycoon
Posts: 2613
Joined: 19 Mar 2009 19:25
Location: Kent

Post by Leanden »

Owen, do you have any control over pikka wiki on the users ttforums pages? Any idea why the error 500 problem is ongoing?

Post by orudge »

Oops, that was my own fault it seems - Pikka's wiki was being hammered by bots recently and they were causing significant slowness on the server, so I attempted to block some, but apparently I made a syntax error when doing so and didn't check it properly. (Load went down so I thought it had been fixed, which was kind of true...) Now fixed!

Post by Redirect Left »

This has made the site unavailable on some networks. Including wifi at some public locations, some public transport, and O2's 4G network frequently throws up errors.

In public transport, I have verified I am connected to the actual proper source and not someone's phone imitating it.

Edit: just occurred on the EDGE network too.
Attachments
Screenshot_20160610-134647.png
(142.93 KiB) Not downloaded yet
Screenshot_20160610-134945.png
(121.87 KiB) Not downloaded yet
Rubidium
OpenTTD Developer
Posts: 3815
Joined: 09 Feb 2006 19:15

Post by Rubidium »

Those providers often have a "feature" of performing a massive man-in-the-middle "attack" to "reduce" the size of images. Actually they rewrite every HTML page they come across and change the URIs of images so they can provide their own smaller (in size) version of it.

This "feature" is incredibly annoying when you specifically said to your browser to not load certain (large) images of a website, because with the HTML rewriting your image block does not work anymore and voila... you have to download way more than you should have downloaded when they did not perform that size "reduction".

Post by Redirect Left »

Rubidium wrote:Those providers often have a "feature" of performing a massive man-in-the-middle "attack" to "reduce" the size of images. Actually they rewrite every HTML page they come across and change the URIs of images so they can provide their own smaller (in size) version of it.

This "feature" is incredibly annoying when you specifically said to your browser to not load certain (large) images of a website, because with the HTML rewriting your image block does not work anymore and voila... you have to download way more than you should have downloaded when they did not perform that size "reduction".
If you are referring to Chrome's feature where it downloads things to a remote server then resends a smaller version, I've tried without that and it still errors. It also works fine on other HTTPS sites (I tried Google, as it's the only HTTPS forced site I know off hand)

Post by Rubidium »

No, I am not. I am referring to things like BoostEdge, and then especially the second paragraph of the second question on http://www.boostedge.com/faq/optimization.html:
However, BoostEdge could act as a "man in the middle" and spoofis the server. But the browser would pop an alert window telling the users that some device is decrypting your data.

Post by Redirect Left »

Hmm. Seems like that'd be something global, not something that'd pick and choose what it wants to turn on with and affect it all.

Post by orudge »

Are you able to view the certificate details in your browser? I'd be interested to know what certification authority it thinks it is using.