evennia / evennia

Python MUD/MUX/MUSH/MU* development system
http://www.evennia.com
BSD 3-Clause "New" or "Revised" License

InsecurePlatformWarning #1141

Closed TehomCD closed 7 years ago

TehomCD commented 7 years ago

Brief summary of issue / Description of requested feature:

So every so often in my logs I see the following message:

[twisted.logger._global#warn] /home/tehom/arx/local/lib/python2.7/sitepackages/urllib3/connectionpool.py:843: urllib3.exceptions.InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings

From following the link, I gathered that I have some https link somewhere in my webpage (I think a link to Pinterest or some API call required it, but I can't remember off the top of my head), which probably is what generates the warning. The link recommended installing various things to try to resolve it, and I wound up reading about 'letsencrypt' and other things to generate certificates, but I would have no idea where I would actually put the code to call any of this stuff. Somewhere in server.py maybe? Is the warning something I can safely ignore, or should this be something I try to address? I'm a total newbie when it comes to all this web/serveradmin stuff.

Steps to reproduce the issue / Reasons for adding feature:

  1. https request from one of the webpages (I think!)

Error output / Expected result of feature

Error above.

Extra information, such as Evennia revision/repo/branch, operating system and ideas for how to solve / implement:

I'm not sure if this stuff would be something that can (or should) be handled entirely outside of Evennia, or should be something we work on adding to the server stuff, or if it can just be safely ignored.

Griatch commented 7 years ago

You can do git grep https in the evennia repo to see all things in the web dir that are handled by https; the relevant ones for this are jquery and a favico library used for the tab notifications. I don't know if there is a problem with this particular error.

As for how to set up letsencrypt, it's supposedly a straightforward thing. I don't think it requires a change to Evennia itself, but we might maybe entice @whitenoise to write a little tutorial for how to secure an Evennia server and website with https?

whitenoiseoss commented 7 years ago

While you technically could have Evennia code that would manage Let's Encrypt for you, I would find this to be an unnecessary thing.

Your SSL certificates should be managed on the server alone. We recommend using a cron job that runs a BASH script for certificate renewals, and you should receive a mail from our expiry mailer before your certificate expires in case you need to manually intercede.

As far as getting the certificate, if you are using the EFF's client, certbot/certbot-auto, the only manual thing you need to do is pass the verification which can be done through web server configuration or by a DNS change. If you have any trouble, #letsencrypt channel exists on Freenode to support users with this process.

References: https://letsencrypt.org/getting-started/ https://certbot.eff.org/
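A check that could run from cron next to the renewal job described in the comment above, as an added example that is not part of the thread, of Evennia, or of certbot. It is written for Python 3, connects with certificate verification enabled, and exits non-zero when the served certificate is rejected or close to expiry; the host name `mud.example.com`, the 14-day threshold and all function names are assumptions made for this example.

```python
import socket
import ssl
import sys
import time

def fetch_cert(host, port=443, timeout=10):
    """Fetch the peer certificate with full verification enabled."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def days_remaining(cert, now=None):
    """Whole days until expiry for a dict shaped like getpeercert() output."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    now = time.time() if now is None else now
    return int((expires - now) // 86400)

def check(host, port=443, warn_days=14, fetch=fetch_cert, now=None):
    """Return (exit_code, message): 0 ok, 1 renewal overdue, 2 TLS failure."""
    try:
        cert = fetch(host, port)
    except ssl.SSLCertVerificationError as exc:
        # Expired, self-signed or wrong-hostname certificates all land here.
        return 2, f"{host}:{port} certificate rejected: {exc}"
    except OSError as exc:
        return 2, f"{host}:{port} unreachable: {exc}"
    left = days_remaining(cert, now)
    if left < warn_days:  # warn_days=14 is this example's assumed threshold
        return 1, f"{host}:{port} certificate expires in {left} days; check renewal"
    return 0, f"{host}:{port} certificate valid for {left} more days"

if __name__ == "__main__":
    # Hypothetical host name; pass your own host and port as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "mud.example.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    code, message = check(host, port)
    if code:
        print(message, file=sys.stderr)  # output only on failure
    sys.exit(code)
```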

Griatch commented 7 years ago

@whitenoiseoss Could you maybe add a few lines to https://github.com/evennia/evennia/wiki/Online%20Setup explaining the options and give the links needed?

Griatch commented 7 years ago

Since there's more info in the wiki now, I'm closing this.