login   |    register

Scale Modeling Sponsors

See Your Ad Here!

Network Talk
For discussions about network-wide site topics, announcments, etc.
Secure SSL/HTTPS stuff
drabslab
_VISITCOMMUNITY
European Union
Joined: September 28, 2004
KitMaker: 1,914 posts
AeroScale: 1,480 posts
Posted: Friday, October 13, 2017 - 02:29 AM GMT+7
In my experience, in the long term every site (or more general IT system) of some size gets killed by growth, technology changes, evolutive maintenance and most importantly: evolving user requirements and expectations.

Once that the "spaghetti" is too big, the only way out is to re-design from scratch. The art is to do this in a future proof way. I have experienced that I don't master that art , and have seen few archtiectures that really seem (with emphasis on "seem") future proof.

What I do know (at least I think I do) is that it usually pays to keep the user interface (the site) as lean and focussed as possible, and to hide as much of the code as possible in independent services feeding the site.

However, transferring an existing "legacy" situation to such architecture without wrecking the whole site in the process is quite a chalenge.
staff_Jim
Staff MemberPublisher
KITMAKER NETWORK
#002
_VISITCOMMUNITY
California, United States
Joined: December 15, 2001
KitMaker: 12,328 posts
AeroScale: 494 posts
Posted: Thursday, October 12, 2017 - 11:04 AM GMT+7
I suppose one issue is search relevancy. It's sort of hard to change domains this late in the game and have say 'armorama.kitmaker.net' have the same results as 'armorama.com' enjoys. A wildcard SSL for *.kitmaker.net was always the long range plan, alas the cost of these per year has gone up like 100% in the past 5 years. Clearly the whole idea of Google downplaying non-secure sites in search results has had a err... positive benefit for SSL certificate sellers. :/

You might be interested to know that having a virtual hosting scenario with most of our domains seems to qualify domains that are NOT in the certificates domain name to still show up via Chrome and most browsers as 'secure'. Apparently it has a lot more to do with server and IP than with the actual domain name itself. So oddly for example all the *.kitmaker.net domains come up secure, even though I am NOT using a wildcard SSL. I only have one for armorama.com and one for kitmaker.net.

Cheers,
Jim
drabslab
_VISITCOMMUNITY
European Union
Joined: September 28, 2004
KitMaker: 1,914 posts
AeroScale: 1,480 posts
Posted: Wednesday, October 11, 2017 - 07:17 PM GMT+7
The joys of IT

What is the reason behind using all these different URLs?

In my simple mind I would have kitmaker as a basic URL and then the sub domains aeroscale.kitmaker, armorama.kitmaker, modelgeek.kitmaker etc ?

staff_Jim
Staff MemberPublisher
KITMAKER NETWORK
#002
_VISITCOMMUNITY
California, United States
Joined: December 15, 2001
KitMaker: 12,328 posts
AeroScale: 494 posts
Posted: Monday, October 09, 2017 - 12:05 PM GMT+7
It's currently working (mostly) on kitmaker domains and armorama domains. Due to the way the server is setup it's also working on some odd domains that are not actually part of the two certificates I now own. But... if you try to go to https://aeroscale.co.uk or other non-kitmaker, non-armorama domains you will get a browser warning. Since there are obviously some hard links or redirects that still might go to these domains keep that in mind. You will either need to okay the 'unsafe' site or change the link to 'aeroscale.kitmaker.net' and then it will work normally. Or... change the URL to just HTTP and not HTTPS.

Cheers,
Jim
drabslab
_VISITCOMMUNITY
European Union
Joined: September 28, 2004
KitMaker: 1,914 posts
AeroScale: 1,480 posts
Posted: Thursday, October 05, 2017 - 03:11 AM GMT+7
The best news is that it seems to work. I see aeroscale in https.

Removed by original poster on 10/05/17 - 07:15:55 (GMT).
JClapp
#259
_VISITCOMMUNITY
Massachusetts, United States
Joined: October 23, 2011
KitMaker: 2,072 posts
AeroScale: 1,581 posts
Posted: Thursday, October 05, 2017 - 01:20 AM GMT+7
Sounds challenging, but definately worth the effort.
thanks for your hard work!
staff_Jim
Staff MemberPublisher
KITMAKER NETWORK
#002
_VISITCOMMUNITY
California, United States
Joined: December 15, 2001
KitMaker: 12,328 posts
AeroScale: 494 posts
Posted: Wednesday, October 04, 2017 - 09:11 AM GMT+7
I also just updated the 'login' link to ALWAYS point to the secure page (HTTPS) so this means that your browser may not have your password info stored for that page. If you have forgotten it just use the password reset feature please.

And it would appear that most of the sites will now work as secure via the self-signed certificates I have on the server for the other domains. I didn't realize it would do that actually. Getting paid for certificates for all the domains (or even just a Wildcard for KitMaker) was going to be damn expensive per year so if this works so much the better.

Cheers,
Jim
staff_Jim
Staff MemberPublisher
KITMAKER NETWORK
#002
_VISITCOMMUNITY
California, United States
Joined: December 15, 2001
KitMaker: 12,328 posts
AeroScale: 494 posts
Posted: Wednesday, October 04, 2017 - 08:54 AM GMT+7
I have been attempting to update the code framework to support switching to a secure connection (HTTPS vs. HTTP) and am seeing it finally in green on Chrome as "Secure" via using https://www.armorama.com page. Not every page is going to be clear of http links, so not sure how far in it will extend. They were punishing us for the adserver supplying images that were only http for example so I would imagine you might get warnings on some forum pages with images from non http sources. Our gallery for one.

Anyway just wanted to update everyone. I am sure this is all fascinating stuff to you guys.

Cheers,
Jim