https-encrypted-browsing [Jcink.com Wiki]

JFH >> HTTPS Encrypted Browsing

What is HTTPS? This means all traffic between your browser and the server will be encrypted and cannot be monitored by a 3rd party. While this is not so important for browsing from your home internet connection, it is essential to be secure if you are using public wifi or a similar public internet connection.

You will know if you are using HTTPS by looking at your address bar. If it says https:// and there is a green lock icon or similar, then you are browsing with full encryption.

Jcink Forum Hosting now offers HTTPS for you & and your forum users.

Status of HTTPS

  • HTTPS became available on 3/10/2017 for *.jcink.net, and our main site *.jcink.com
  • It is not currently available for *.b1.jcink.com or custom domain names.
  • HTTPS is a “BETA feature” / in testing and development

Future of HTTPS

We are working to eventually extend this capability to some of our older URLs such as b1.jcink.com, but please note that it is been depreciated for a few years now.

Custom domain names are a broader challenge, but we hope to have a solution in place during the year as we continue to work with HTTPS and help you get ready for it!

Why HTTPS?

HTTPS is faster, and far more secure overall, even if you are not storing personal details on your forums. Everything is that much more secure for everyone when HTTPS is being used at all times.

The second, more pressing answer to this is: HTTP is going to be phased out. As site owner, you will eventually *need* to switch to HTTPS. In January 2017, Google Chrome began marking non-HTTPS sites with login forms as "Not Secure" in the address bar. This is the first phase of depreciating HTTP.

Not Secure warning due to non-https)

The only way to avoid this “not secure” notice presently, is to switch to HTTPS. For now, it is a fairly soft notice, but in the future it will be red. Google's overall goal is to eventually mark all HTTP websites as unsafe.

As a response to this, we have enabled the HTTPS option for free, for everyone, across *.jcink.net - and our main site. Full switch to HTTPS is one of our long-term goals.

Making your forum HTTPS ready

The transition to HTTPS presents some challenges. To utilize HTTPS without your forum breaking, you may need to check your Board Wrappers and CSS to ensure that they are compatible. There's a good chance that your board is not going to look correctly over HTTPS until you do make some changes.

Any embedded external JavaScript, Chat Boxes, fonts, or images within CSS will need to be switched to https. This is because HTTPS does not permit embedded content over regular HTTP.

As an example, here is our logo. If the following URL is embedded in CSS:

The image will refuse to display. There are two options here.

Remember, if the server you are trying to link this image from does not support https, this will not work.

In the future, we will have tools to help assist you with some of these changes, but would urge you to try converting your skins and templates at your convenience now to be sure they are as HTTPS-compatible as possible. Remember: you can always link https resources over http with no side effects, but not the other way around.

User-posted Content

What About non-HTTPS user posted contents? Such as: signatures, avatars, graphics, etc.

Presently, non-https images inserted using the [img] tag in posts will display over http. This could be subject to change in browsers over the future. For now, you should not worry about this. However, some users who have HTML enabled on their board allow users to utilize CSS. Their images will need to be uploaded to HTTPS-friendly image hosts. Fortunately, as a result of the push to HTTPS, most image hosts are providing https images. Some are not. We recommend using those who do, and contacting those who don't to let them know about the need for HTTPS.

Access boards over HTTPS

You can utilize the *.jcink.net subdomain to access your board over HTTPS. If you presently use *.b1.jcink.com, you can substitute [yourname] and reach the same board.

  • https://[yourname].jcink.net/

Access Admin CP over HTTPS

You can visit your *.jcink.net URL with /admin.php on the end to have a fully encrypted Admin CP experience.

  • https://[yourname].jcink.net/admin.php

3rd Party Image Hosting

Your JFH Filemanager via Admin CP supports hosting of any images you may need for your board. This allows you to serve all of your images and other media necessary for your forum over HTTPS. In some cases, however, members may need to use external image hosts. While HTTP images are allowed by browsers in posts at this time as mentioned earlier, this may change in the future. The following is a confirmed list of https-supported 3rd party image hosting for your convenience.

External Links

 
https-encrypted-browsing.txt · Last modified: 2017/03/21 00:30 by jcink