stefanzweifel / screeenly

📸 Screenshot as a Service
https://secure.screeenly.com
MIT License
492 stars 102 forks

Build links with https in prod #331

Closed SuperSandro2000 closed 4 years ago

stefanzweifel commented 4 years ago

Unfortunately I currently can't merge this PR into master. The version of screeenly deployed under http://screeenly.com currently does not support HTTPS (it's a long story). Merging this would break the deployed app.

I'm currently working on a new version of screeenly and will incorporate this into the next version.

SuperSandro2000 commented 4 years ago

I hope this helps other people at least to somewhat securely deploy this.

stefanzweifel commented 4 years ago

I see. Going to rewrite part of the documentation soon. Will add a note concerning deployment and https.

Just to note: Just adding URL::forceScheme() doesn't make the app automatically secure. It just updates all links on views of the app to use HTTPS. The best solution to secure a hosted screeenly version is to use Apache/Nginx as a webserver and automatically redirect HTTP to HTTPS traffic.

(As mentioned, I'll try to update the wiki/docs soon.)

SuperSandro2000 commented 4 years ago

I redirect everything at my proxy and with HSTS but IIRC some resources did not load properly.
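
The setup discussed in this thread (HTTP redirected to HTTPS at the web server, plus HSTS at the proxy), written out as an added example that is not part of the thread or of the screeenly project. It assumes nginx terminates TLS in front of the app; `example.com`, the certificate paths and the upstream address `127.0.0.1:8080` are placeholders.

```nginx
# Constructed example. example.com, the certificate paths and the upstream
# address are placeholders, not values taken from the screeenly project.

# Plain HTTP: serve no content, only redirect every request to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;

    return 301 https://$host$request_uri;
}

# HTTPS: terminate TLS here and hand the request to the application.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/ssl/example.com/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;    # placeholder path

    # HSTS: tells browsers to use HTTPS for this host for one year.
    # "always" also attaches the header to error responses.
    # Only sent over HTTPS; browsers ignore it on plain HTTP responses.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://127.0.0.1:8080;  # assumed upstream (the app)

        # Pass the original host and scheme to the application so it can
        # tell that the client connected over HTTPS.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

The redirect and HSTS protect the transport, but the application still decides which scheme it writes into generated links. If it does not honor `X-Forwarded-Proto` from the proxy, it sees only the plain-HTTP hop and can emit `http://` asset URLs, which is the gap that forcing the scheme inside the app closes.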