BBSSL
Posted: Sun Aug 11, 2019 9:19 am
Takes care of HTTPS various settings around the phpBB board. This assumes you have already installed a SSL certificate correctly first! On this note, Did you??!
Just because you enabled the SSL with your own hosting company does not mean your board is ready to support SSL.
BBssl tries to do the heavy lifting for you and takes care of all the SSL settings that need to be adjusted in order for your forum to run correctly with the SSL certificate.
Have you ever noticed the dreadful "Mixed content" error in the browser? BBssl takes care of many such small issues will lead to that dreadful error on your board.
Features overview:
Replace all links and images at runtime from HTTP to HTTPS.
- It will apply to any rich text. (posts, private messages, polls, etc...)
- It will apply to old and new content.
- It will apply indiscriminately to all absolute URLs without touching relative URLs. (those without http://)
- The original text is not modified. When editing a post, the URL will still show as HTTP in the text box.
- Images srcs in signatures are converted
- convert old "Remote avatar"-type and also any avatars that was added by any extensions that use HTTP into HTTPS.
- Other types of avatars use relative links and therefore use HTTPS if your site uses HTTPS.
- Prevent a broken link image around the board in case an avatar, signature or post image contains a https link that is not supported by its origin server and adds a placeholder
- set server port to 443 (please make sure your server port actually runs on 443 - Ask your hosting before installing the ext to be safe)
- enable https protocol under server settings
- enable cookie secure
- ***Whenever a user tries to change their "Remote avatar" URL to an HTTP URL, the extension will automatically make it use HTTPS instead. (however remote avatar is turned off in acp anyway upon bbssl installation -
if enabled later on this setting will apply to be safe)
- set avatar remote to disabled (see above ***)
Q/A: What's this Mixed content anyway?
Mixed content occurs when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection. This is called mixed content because both HTTP and HTTPS content are being loaded to display the same page, and the initial request was secure over HTTPS. Modern browsers display warnings about this type of content to indicate to the user that this page contains insecure resources.