@pierozi I have created https://github.com/hoaproject/Blog/pull/7 in order to be consistent with other services. The blog will use the proxy-discourse.hoa
domain to get embed JavaScript files. While not necessary, it makes things consistent. Thoughts?
@pierozi It seems https://central.hoa-project.net/ is not working well (for instance https://central.hoa-project.net/Resource/Library/Console). Can you take a look at it please?
Central is not configured, it should not be force to https. I will look at that, because that happen on all domains on this server without https configured
Why it should not be forced? I don’t see any reason.
I setup TLS on all the subdomains of hoa-project.net. this fix issues when the cycle redirection are stuck by browser.
@pierozi Should I open a new topic about https://observatory.mozilla.org/analyze.html?host=hoa-project.net? I guess we should get a better score ;-).
For SSL test, You should look at https://www.ssllabs.com/ssltest/analyze.html?d=hoa-project.net
HSTS was disable issues due to our subdomains not all https and cycle redirection issues. Maybe we can setup CORS rules into website for fix security header
Can we set HSTS now? I guess nothing is blocking. Am I wrong?
actually, HSTS already implement, only option subdomains included has been removed. You can check with => curl -s -D - https://hoa-project.net/Fr/ -o /dev/null
The cipher rules already set as better we can. (as mozilla generator recommend) The imirhil cipher check are pretty rude! try google.com, paypal or amazon, their are pretty close to us.
That’s perfect then, thank you for the clarifications!