Improve HTTPS support - static.hoa-project.net certificate.
Metalaka opened this issue · 8 comments
Use the good protocol according to the user request.
Hoa's HTTPS pages don't use HTTPS protocol for their CSS & JS resources.
Mixed Content: The page at 'https://hoa-project.net/Fr/' was loaded over HTTPS, but requested an insecure stylesheet 'http://static.hoa-project.net/Css/Core.css'. This request has been blocked; the content must be served over HTTPS.
Absolutes URLs can be set without http: to resolve that.
Add static.hoa-project.net to the certificate.
Moreover hoa-project.net load resources from static.hoa-project.net but this domain isn't part of the Hoa certificate.
You should use *.hoa-project.net or add static.hoa-project.net to solve this issue.
Configure nginx to return the resource.
Finally, nginx return a 404 when requesting over HTTPS.
eg: https://static.hoa-project.net/Css/Core.css
Sum up:
- Use the good protocol according to the user request.
- Add
static.hoa-project.netto the certificate. - Configure nginx to return the resource.
But… Hoa does not support SSL ;-). We have SSL only for the mails.
@Metalaka I thought have disable SSL on website.
Our problem is certificate we have is not an Wildcard certificate, so we can't add subdomain.
I'm in waiting of official Hoa association for provide a donation system, that can be a good way to bought Wildcard SSL...
What about https://letsencrypt.org/?
@Hywan letsencrypt are still in dev, and support of Wildcard and Nginix implementation are not done.
Ok. Thanks.
Ok, thanks.
So, I close the issue for the moment.
👍