Redirect http:// to http://www

Status
Verringer

Verringer

MC-Market Founder
Supreme
Feedback score
9
Posts
103
Reactions
180
Resources
0
Old suggestion that was implemented, not sure what's with the sudden change to make all non http://www. to 301 pages.

If you want, I can send you the Nginx config for it that won't throw errors? :tup:

0502235032.png
 
Type
Bug report
Status
Implemented
Upvote 9 Downvote
PebbleHost
High performance, consistent uptime and fast support. Minecraft hosting that just works.
O

Overlord

Supreme
Feedback score
2
Posts
569
Reactions
276
Resources
0
buildblox said:
Ajdin explained exactly why SSL wasn't implemented in a previous announcement, and it should be noted that not every site can be so easily changed to support securing as a lot of accessed resources can be of mixed content (some images may be insecure while the site is secure, and then errors coming falling through). And on top of that, when you put Xenforo's default image proxy into the picture, it doesn't exactly leave much room for custom changes. If I remember correctly, prior to migrating to AWS, MCM operated on a content delivery network, which can cause compatibility issues with SSL and the lot.

Again, just my two bits. Pretty sure everything was changed after the site migrated to AWS, as the CDN is no longer visible.

tl;dr custom changes (primarily a CDN) in the system caused SSL to be disabled.
Click to expand...
He didn't say get SSL, he just said do a redirect into your http://www and if you later get SSL you can redirect that to https:// making it one more simple edit to make a redirect chain.

Verringer's argument is valid, somewhat. However, relying on the IP being hidden to not get attacked is not ideal at all. It can be fixed though, just access files using a CDN/remote server. Some separate AWS EC2 instance or something. This site can easily afford that. Then, worst case scenario, any uncached assets cannot be retrieved if that server is offline. Cached assets can still be retrieved.

BeBosny's argument... that drop affected older sites more than newer sites. With Google's recent pushes for sites to use SSL, sites (including advertisers) will have better support for SSL. Unfortunately, some are still really behind and ignoring all of Google's warnings. e.g. video players like IGN/Gamespot will stop working - those sites do not support HTTPS at all even though it's easy for them to do so. Similarly, a lot of advertisers don't support HTTPS sites. Revenue will drop somewhat, perhaps. I doubt it's a big issue for this kinda site and the advertisers it would attract, though.

It should be fine to implement SSL here, however that wasn't the suggestion.
 
Mick

Mick

BuiltByBit Owner
Management
Feedback score
28
Posts
6,412
Reactions
7,664
Resources
0
This has been fixed, thank you very much. We are looking into getting SSL so thank you to those who suggested that also.

If you are still having problems please PM me and I will assist you.

Thanks again.
 
Status
Top