TLS for all Hoa's domains


#21

@pierozi I have created https://github.com/hoaproject/Blog/pull/7 in order to be consistent with other services. The blog will use the proxy-discourse.hoa domain to get embed JavaScript files. While not necessary, it makes things consistent. Thoughts?


#22

@Hywan You do well; it is necessary in order to have comments on the blog.


Discourse all the things!
#23

@pierozi It seems https://central.hoa-project.net/ is not working well (for instance https://central.hoa-project.net/Resource/Library/Console). Can you take a look at it please?


#24

Central is not configured; it should not be forced to HTTPS. I will look at that, because that happens on all domains on this server without HTTPS configured.


#25

Why should it not be forced? I don’t see any reason.


#26

I set up TLS on all the subdomains of hoa-project.net. This fixes the issues where redirection cycles are blocked by the browser.


#27

@pierozi Should I open a new topic about https://observatory.mozilla.org/analyze.html?host=hoa-project.net? I guess we should get a better score ;-).


#28

For an SSL test, you should look at https://www.ssllabs.com/ssltest/analyze.html?d=hoa-project.net

HSTS was disabled due to our subdomains not all being HTTPS and redirection cycle issues. Maybe we can set up CORS rules in the website to fix the security headers.

:smiley:


#29

Can we set HSTS now? I guess nothing is blocking. Am I wrong?


#30

@pierozi Do we have to worry about this https://tls.imirhil.fr/https/hoa-project.net?


#31

Actually, HSTS is already implemented; only the include-subdomains option has been removed. You can check with: curl -s -D - https://hoa-project.net/Fr/ -o /dev/null

The cipher rules are already set as well as we can (as the Mozilla generator recommends). The imirhil cipher checks are pretty rude! Try google.com, paypal or amazon; they are pretty close to us.
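
Added example, not part of the original post and not Hoa's own code: a small auditor for the header dump that a `curl -s -D - … -o /dev/null` check prints, which parses `Strict-Transport-Security` following RFC 6797 and reports when subdomains are left out of the policy. The function names and the sample response are constructed for illustration, and splitting on `;` is a simplification that ignores quoted values containing a semicolon.

```python
import re

# Constructed sample of a response header dump (not captured from hoa-project.net).
SAMPLE = "HTTP/1.1 200 OK\r\nServer: nginx\r\nStrict-Transport-Security: max-age=15768000\r\n\r\n"

def first_hsts_header(raw_headers: str):
    """Return the first Strict-Transport-Security value, or None.
    RFC 6797 section 8.1: a client processes only the first such field."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            return value.strip()
    return None

def parse_hsts(value: str):
    """Parse one header value into a policy dict; raise ValueError if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives (e.g. a trailing ';') are allowed
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            raise ValueError(f"directive repeated: {name}")
        seen[name] = arg.strip().strip('"')  # max-age may be a quoted string
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        raise ValueError("max-age missing or not a number")
    return {"max_age": int(seen["max-age"]), "include_subdomains": "includesubdomains" in seen}

def audit(raw_headers: str):
    """List findings for one response's header dump."""
    value = first_hsts_header(raw_headers)
    if value is None:
        return ["no Strict-Transport-Security header"]
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid header, browsers ignore it: {exc}"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 removes any stored HSTS policy")
    if not policy["include_subdomains"]:
        findings.append("subdomains are not covered by this policy")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty findings list means the header is valid, has a non-zero max-age and covers subdomains; each subdomain still has to serve its own header over HTTPS for its visitors to store a policy for it.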


#32

That’s perfect then, thank you for the clarifications!