Announcement

Collapse
No announcement yet.

FAQ: Converting your forum to https

Collapse
X
Collapse

  • FAQ: Converting your forum to https

    CONVERTING YOUR FORUM TO HTTPS
    Applies to self-hosted versions of:
    vB3; vB4; vB5;
    Cloud sites have https enabled by default and you do not need to do anything.

    This FAQ explains how to convert your vBulletin forum to use secure https (SSL) rather than http, and why you might need to.
    Note: This guide contains links to external sites. vBulletin Solutions is not responsible for the content of external links and cannot be hedl responsible for the accuracy of information contained on them.

    WHAT IS HTTPS?
    https stands for Hyper Text Transfer Protocol Secure. It is the secure version of http, the protocol used for sending data between your browser and a website. It means all communications between your browser and the website are encrypted. The 'S' stands for secure. Web browsers will usually display a green padlock to indicate that a secure connection is in place. For https to work, an https certificate needs to be installed on the server.

    WHAT IS AN HTTPS CERTIFICATE?
    https uses a public and private key system. Data that has been encrypted with the public key can only be decrypted by the private key and vice-versa.
    When a web browser connects to a webpage via https, the server sends its https certificate to the browser. This certificate contains the public key needed to begin the secure session.

    WHY DO I NEED HTTPS?
    Data sent over regular http connections are sent in plain text and could in theory be read by anyone who intercepts the connection. With an https connection, the data is securely encrypted, meaning that even if someone intercepted it, they wouldn't be able to read it.
    Starting in January 2017, Google's Chrome browser will begin to mark non-https pages as 'Insecure'. This warning may put off visitors to your site. Other browsers are expected to follow suit in due course.
    More details on this can be found HERE
    Additionally, Google is now using https as a ranking signal, meaning not having https could harm your site's ranking in Google. More details on this HERE.

    HOW IS THE MOBILE APP AFFECTED?
    Starting in January 2017, Apple is enforcing APP TRANSPORT SECURITY (ATS) for all new apps signed after that date. More details on this HERE. This means that apps signed after January 2017 must use secure https when making API calls and connecting to web services.
    We have updated vBulletin Mobile Suite to version 1.13 to publish apps using HTTPS, to meet Apple's App Transport Security requirement. After Jan. 1, you will not be able to submit updated apps to the iTunes App Store using earlier versions of Mobile Suite. Your current apps are fine and will continue to work with your site; you just won't be able to update them until you use v1.13.

    HOW DO I CONVERT MY FORUM TO HTTPS?
    The first thing you will need is an https certificate. In most cases, the first port of call for this will be your web host. https certificates are commonly referred to as SSL certificates, although these days they are usually actually TLS certificates. These are protocols used for https. TLS stands for Transport Socket Layer, and is the successor to SSL, which stands for Secure Socket Layer. You don't really need to concern yourself with these two protocols, but if you are interested, technical details can be found HERE.
    In most cases, your host will make a small charge for an https certificate. This is generally an annual fee which needs to be renewed. Failure to renew it will cause users to receive a warning in their browser that the certificate has expired, so it's vital to keep this up to date. https certificates are generally tied to a specific domain. The certificate will need to be installed on your server - again, generally your host will do this for you.

    You are not tied to buying the certificate from your host, however it is generally the easiest option if you're not well versed in doing this type of thing. If you purcahse one from a third party, you will normally find instructions on your web hosts website for how to perform the installation of the certificate yourself. For example, one hosting company has a guide HERE. There is another guide HERE. Use these guides at your own risk - vBulletin does not endorse and has not tested any of the guides linked to here. If you are unsure - speak to your host, who should be happy to help.

    I HAVE MY CERTIFICATE INSTALLED - WHAT NEXT?
    The next step is quite simple. Log into your vBulletin AdminCP, and then follow the appropriate instructions below for your version.

    vBulletin 5
    Go to Settings > Options > Site Name / URL / Contact Details.
    Edit 'Forum URL' and add the 's' into the URL.
    For example, if your URL is http://www.contoso.com/forum, change it to https://www.contoso.com/forum

    vBulletin 4
    Go to Settings > Options > Site Name / URL / Contact Details.
    Edit 'Forum URL' and add the 's' into the URL.
    For example, if your URL is http://www.contoso.com/forum, change it to https://www.contoso.com/forum

    vBulletin 3
    Go to vBulletin Options > vBulletin Options > Site Name / URL / Contact Details.
    Edit these three settings: 'vBulletin URL'; 'Login URL'; 'Core URL' and add the 's' into the URL.
    For example, if your URL is http://www.contoso.com/forum, change it to https://www.contoso.com/forum
    NOTE: Do not remove the word 'core' at the end of the core URL. You will break your site!

    The key to all three vBulletin versions is that all you do is change http to https. Do not alter any other part of the URL.

    Once you have changed these settings, go to AdminCP > Maintenance > General Update Tools, and rebuild the styles. (In vB3 this is AdminCP > Maintenance > Update Counters). Leave the default settings and just run this update tool.

    ANYTHING ELSE?
    Your site should now load and run normally when using https in the URL. However, you now need to redirect any http traffic to https, so that everyone using your site uses the secure connection.
    Again, in most cases, the simplest way to arrange this is to ask your host to configure it for you. They shouldn't charge for doing this, and it won't take them very long.
    If you'd rather do it yourself, it involves playing about with special files used by different types of server software - For instance, a server running 'Apache' will use an '.htaccess' file, whereas a server running IIS will use a 'web.config' file. If you don't know which server software your server is running, speak to your host. GoDaddy have a useful guide to making these changes HERE. However, these files can be quite tricky to work with, and an incorrect entry will break your site. It's much simpler to get your host to do it!

    THAT'S IT!
    You shouldn't encounter any difficulties and your site should be showing a green padlock in most browsers.
    You may run into issues with 'embedded images', where people have embedded external images or videos from third party sites into your posts, where those sites are or were not using https. These will trigger what is called a 'Mixed Content Warning' in the padlock area of the browser. In practice, what this means is that such embedded images or videos will not show and users may just see a blank space. You should aim to convert these images to attachments, subject to copyright, though this will be a manual task and can be fairly arduous if there are lots of them. Alternatively you can manually edit the embedded URL to change it to https. This will work for major sites like YouTube, but on some sites it may not work if https is not available. There are some third party add-ons that can help with this problem such as THIS ONE, however vBulletin cannot provide official support for third party code.

    If, after following this guide, you are still experiencing issues, please contact vBulletin Support.

    • BirdOPrey5
      #1
      BirdOPrey5 commented
      Editing a comment
      Under "What is HTTPS" the first line is: https stands for Hyper Text Transfer Protocol. It should say: https stands for Hyper Text Transfer Protocol Secure. (Or you should ask what does HTTP stand for?)

    • BirdOPrey5
      #2
      BirdOPrey5 commented
      Editing a comment
      "2017 will be the year most of the web moves to https." - is opinion, and also something I factually doubt. By pageviews it's probably already mostly https (Google, facebook, youtube, all https already) but by sheer number of sites, I just don't see it.

    • BirdOPrey5
      #3
      BirdOPrey5 commented
      Editing a comment
      Under "How do I convert my forum to HTTPS" in the 2nd paragraph is "This is generally an annual few which needs to be renewed." I assume few should be fee?

    • BirdOPrey5
      #4
      BirdOPrey5 commented
      Editing a comment
      In the same section, 3rd paragraph, the bbcode link to namecheao is broken.

    • BirdOPrey5
      #5
      BirdOPrey5 commented
      Editing a comment
      In the section "I HAVE MY CERTIFICATE INSTALLED - WHAT NEXT?" you have the instructions for VB3 and VB5 swapped. Also you repeatedly use "Edit 'URL of your forum.'" but the setting name is "Forum URL" (in VB3 and VB4) I think it would be less confusing to use the actual setting name. (Just my opinion on that.)

    • BirdOPrey5
      #6
      BirdOPrey5 commented
      Editing a comment
      Under ANYTHING ELSE? This line needs several edits: If you;d rather do it yourself, it involves playing about with special files used by different types of server - For instance, a Linux-based server will use an '.htaccess' file, whereas a Windows server will use a 'web.config' file. GoDaddy have a useful guide to doing this HERE. However, these files can be quite tricky to work with, and an incorrect entry will break your site. It's much simpler to get your host to do it! ----- First you:d has a semicolon instead of an apostrophe. The next part after the comma just sounds funny, at a minimum "different types of server" I think should be "different types of servers." Also... .htaccess isn't used on Linux it's used on Apache. .htaccess may be on Windows if Windows is using Apache and of course Linux can used web servers that don't use .htaccess. I'm sure you know this but over-simperfing can confuse more people. I think you need to mention it is a combination of Operating System and Web Server.

    • BirdOPrey5
      #7
      BirdOPrey5 commented
      Editing a comment
      Under "THAT'S IT!" the truth is (in my experience anyway) few browsers display a "Mixed Content Warning" most (Chrome. Firefox) seem to just not display insecure content, you get no warning. So maybe warn users that if after converting to http videos and images just seem to disappear it's because they are not using https protocol. They can try to edit the posts and change http to https manually. On sites like youtube that should work fine but for images embedded from random websites they may simply not be available in https.

    • BirdOPrey5
      #8
      BirdOPrey5 commented
      Editing a comment
      And building on that, the link to the edits to make in the Admin CP for old versions of VB3 and VB4, I question the wisdom of suggesting everyone make the edits. Those features are likely unused by most of our customers and I would say something like "These edits are optional, they may not be important to you. Edits are only necessary if you regularly used these features."

    • Mark.B
      #9
      Mark.B commented
      Editing a comment
      Yeah I was going to leave out the edits altogether and just mention it was fixed in 4.2.5....that might be the route to go down. Keeps us away from file edits which I'm sure most people would mess up. Nobody is used to file edits these days!

      Will get the changes made, I tried to over simplify the htaccess bits because a lot of customers don't know what Apache is! But it doesn't really work. I'll reword it.

    • Mark.B
      #10
      Mark.B commented
      Editing a comment
      Thanks Joe, sorted most of this now I think. Took out the file edit part altogether, since it only affects the admincp we can probably handle any questions from that via the support channels.
      Rewrote the htaccess / web.config parts, I tried to oversimplify it originally. I've now done it by server software and pointed them to their host if they don't know what software they are running!
      Removed the bit of about 2017 being the year of https.
      Fixed the broken Namecheap link.
      Sorted the typos.
      Renamed the vB3 site url bit (I copied from the wrong line on the admincp)

    • CarpCharacin
      #11
      CarpCharacin commented
      Editing a comment
      Why is there no image proxy?

    • Mark.B
      #12
      Mark.B commented
      Editing a comment
      There isn't one in vB5 by default.
    Posting comments is disabled.

Article Tags

Collapse

There are no tags yet.

Latest Articles

Collapse

  • FAQ: Converting your forum to https
    Mark.B
    CONVERTING YOUR FORUM TO HTTPS
    Applies to self-hosted versions of:
    vB3; vB4; vB5;
    Cloud sites have https enabled by default and you do not need to do anything.

    This FAQ explains how to convert your vBulletin forum to use secure https (SSL) rather than http, and why you might need to.
    Note: This guide contains links to external sites. vBulletin Solutions is not responsible for the content of external links and cannot be hedl responsible for the accuracy of...
    9th December 2016, 00:40
  • How to install vB5 manually
    Mark.B
    These instructions show you how to manually configure the two config files that come with vBulletin 5.

    1. Download the newest vB5 release from the members' area. https://members.vbulletin.com

    2. Unzip the files and go to the "upload" folder.

    3. You need to rename this file:

    /config.php.bkp

    To:

    /config.php

    Then, you need to rename this file:

    /core/includes/config.php.new
    ...
    9th March 2016, 22:59
  • Add custom forum icons to vB5
    Mark.B
    Currently the forum icons on vBulletin 5 are sprites...this makes them rather tricky to change effectively.

    If you add the below custom css using Site Builder > Style > CSS Editor, as long as you have your icons uploaded somewhere, you can change them. Cloud customers can upload their icons to AdminCP > vBCloud File Manager, and then use the URLs the file manager gives you. Self hosted customers should upload the icons to a suitable path on their server, and use those URLs....
    9th March 2016, 22:54
  • How to fix or add back Mark Channels Read
    Mark.B
    By default, "Mark Channels Read" is present in the navbar, but it only works on 'Forum' pages.
    As of 5.2.3 it is no longer present AT ALL in new installs.

    Here's how to make it work on any page if it does already exist. (If it doesn't exist, instructions for adding it back are at the bottom, but you still need to do this part!)

    First, go to AdminCP > Style Manager, and from your chosen style, select "Add New Template" from the dropdown.
    ...
    9th March 2016, 22:49
  • Add a Gallery to vBulletin 5
    Mark.B
    Here's how to add a Gallery like the one seen on this site.

    My site has done it by using a forum called "Gallery" that is set not to display in the forum listings (set its display order to "0" in the channel manager).
    Create a link in the navbar to that forum and call it "Gallery".

    Then, go into that forum, and using Site Builder, set the tabs to display "Latest Activity" by default, and not to display "Topics" whatsoever....
    9th March 2016, 20:47
Working...
X