Closed andrewjs18 closed 7 years ago
This should also cover:
It should include some brief theory with links to verified sources for further reading and implementation instructions with examples. A link to the support section on the Community forums wouldn't hurt either, should any problems arise or somebody would like their setup to be verified.
so better suited to be written by a developer, @Devilshakerz? :grimacing:
ciphers...
Mozilla: https://mozilla.github.io/server-side-tls/ssl-config-generator/ Cipherli.st: https://cipherli.st/
some other useful resources that could be included... http header check: https://securityheaders.io/ http hardening tips: https://scotthelme.co.uk/hardening-your-http-response-headers/ obtaining let's encrypt certs with nginx & ubuntu 14.04: https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04 obtaining let's encrypt certs with apache & ubuntu 14.04: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04 SSL config testing tool: https://www.ssllabs.com/ssltest/
My thunder has been stolen! I'll find a way to work some of my more thorough detail into some of these sections at some point to make it a bit more comprehensive.
https://github.com/mybb/mybb/issues/2464 will have to be mentioned too once it's merged.
I think this can probably be closed now, yes?
@Devilshakerz, @JoshHarmon
I've outsourced the certificate installation guide to Digicert and Namecheap pages but anyone can feel free to push/PR additional information if it's not mentioned on reputable websites.
it would be nice to have something in the documentation on how to use HTTPS with mybb.
I imagine we'd need to discuss these things: