• Dear Guest, Please note that adult content is not permitted on this forum. We have had our Google ads disabled at times due to some posts that were found from some time ago. Please do not post adult content and if you see any already on the forum, please report the post so that we can deal with it. Adult content is allowed in the glory hole - you will have to request permission to access it. Thanks, scara

Newbie Guide / Dedicated Site Apps / OMTs / Blogs - See first post

Why isn't this site running an SSL connection? There's plenty of free options out there and some basic encryption wouldn't hurt.
 
Not sure if this is the place to post this. I don't have a 'blog' and don't intend on starting one. However I've been writing this over the last few weeks and wanted to publish it before it gets out of date again. Feel free to move it @scara just not to an OMT..

Taking Stock of Spurs

Being a Spurs fan used to be a fairly thankless task. For a bulk of the 32 years I’ve supported them, we were average to good, occasionally blessed with a talisman and rarely able to add to the trophy cabinet. The thing that persuaded me to write a blog entry was it dawned on me how sometimes in life it’s important to take stock and consider how much times have changed. Imagine being a young Spurs fan who has only followed the Club for three years! Challenging for titles, magic Poch, Champions League more often that not. We’ve been spoilt recently and the future looks even better with the stadium rising from the ground of N17 like a modern day Roman Colosseum. Of course we could lose the occasional player. Walker, Rose, Dier, Alli and even Kane could walk out of our lives for sunnier climates and heftier bank balances. We will however survive and replace them with young, eager talented players who then in turn become the next big thing. Levy has us set up sustainably and compared to almost every other club in Europe we are perfectly set up to benefit from this.


The key to our growth has been the sustainable way in which it’s been done. First came the world class training facilities. Levy showed great acumen in delivering this project prior to anything else. He tried a few talented managers like AVB and eventually found the one, in Poch. The man fits our Club ethos like a glove. After the nonsense bluster of Arry and cluelessness of Tactics Tim, it’s noticeable how the media cut us more slack now that they’re presented with a guy who is literally impossible not to like.


We give youth a chance like no other big club in England. Man Utd and Emirates Marketing Project bring on subs with transfer values of a quarter of a billion pounds. Ridiculous state of affairs and one which financial fair play leaves a lot of unanswered questions. Whether it’s Kane, Trippier, Winks, Dier, Alli, Walker-Peters etc Poch has done more for our national game than any manager since Fergie. Compare that to Chelsea who loan everyone out, Jose who gives no young player a proper chance, Pep who lives by his cheque book and we are clearly the first choice for a talented youngster hoping to make a career in the Premier League. Ryan Sessegnon would be the icing on top of this cake. I’m so proud of our lads when they get called up and genuinely believe Winks should be the central focus of our national team for the next ten years.


With our behemoth of stadium coming out of the ground at White Hart Lane and our team finding consistency in their brilliance, this really is a time to take a step back and gaze admirably at what our club has become. Other clubs can say what they want, we are a top team now and the rest of Europe will be taking note of our Champions League campaign so far. We topped a hard group and just made a huge statement in Turin. That performance reminded me of the Keane game for Utd when they came back from 0-2 to win 3-2.


From my first ever game which saw Gazza rip Oxford United apart 4-2 in the FA Cup third round in 1991, I’ve only ever been an occasional visitor to the Lane. Predominantly because I was the only Spurs fan I knew who was committed enough to attend games. For the last 12 years I’ve lived in Australia which makes it almost impossible to go. Boxing Day against the Saints (another team who I admire because of their youth policy and sustainably run club) was my only chance this season to witness first hand the marvel that is our Club in 2017/18. We might not have the trophy cabinet to rival some of the big clubs in England but I get as much enjoyment out of the fact that we are a major force. We are incredible away from home and had an unbeaten home campaign last season. Take a second to compare that to the days when we knocked about around 12th place. Also try to savour the wins and enjoy the build up to games. Listen to Poch’s philosophy because we are witnessing greatness in this man. His press conferences are the best insight into his mind.


It's easy to be knee jerk in this day and age of media scrutiny but even the most inbred gooner would admit that Spurs have risen, not only in terms of league position but also in terms of prestige (manager, players & stadium) and I personally feel a major trophy is on the near horizon. Either way, enjoy the journey I’d rather be competing for titles and playing in Champions League than playing a Carabou Cup Final for a ‘trophy.’
 
Caching issues solved - you should be able to run on SSL now.

I'm tempted to enforce SSL - any webmonkeys know if that can cause problems?

Nice one! Google should give you a ranking boost for that.

Forcing SSL shouldn't cause any issues, as long as your server rewrites are setup correctly and you're not loading mixed content, e.g loading stuff over http when you're forcing https. Should be easy to debug.
 
Nice one! Google should give you a ranking boost for that.

Forcing SSL shouldn't cause any issues, as long as your server rewrites are setup correctly and you're not loading mixed content, e.g loading stuff over http when you're forcing https. Should be easy to debug.
What happens if someone embeds an http image?
 
What happens if someone embeds an http image?

Tricky scenario. I found this explanation below in a similar forum software's documentation:

You may run into issues with 'embedded images', where people have embedded external images or videos from third party sites into your posts, where those sites are or were not using https.

These will trigger what is called a 'Mixed Content Warning' in the padlock area of the browser. You should aim to convert these images to attachments, subject to copyright, though this will be a manual task and can be fairly arduous if there are lots of them.

Alternatively you can manually edit the embedded URL to change it to https. This will work for major sites.


Will likely be a bit of a pain either way. But for any new embeds I imagine you'll be able to force the use of HTTPS embedding only? Not sure what kind of options XenForo gives you..
 
Looks like XenForo will handle it for you!

It’s important for HTTPS site to load HTTPS content, otherwise you’ll get “Mixed Content” warning.

Luckily Xenforo has a Proxy Images feature which will scrap hotlink (embedded) images and save them on your local server.


Go to ACP > Options > Messages > Activate Proxy Images

*celebration dance*


You might want to give this a read over too: http://cmsdaily.com/how-to-migrate-xenforo-forum-from-http-to-https/
 
Looks like XenForo will handle it for you!

It’s important for HTTPS site to load HTTPS content, otherwise you’ll get “Mixed Content” warning.

Luckily Xenforo has a Proxy Images feature which will scrap hotlink (embedded) images and save them on your local server.


Go to ACP > Options > Messages > Activate Proxy Images

*celebration dance*


You might want to give this a read over too: http://cmsdaily.com/how-to-migrate-xenforo-forum-from-http-to-https/
Got it, thanks.

I've moved to SSL, if I see any issues I'll fix them. Otherwise I'll force the switch in a couple of weeks.

Thanks for the help.
 
WTF? Suddenly i can't log in with my phone.! When I enter the username and password I just come back to the log in screen, and it says "this action is available via POST only. Please press the back button and try again"

Works fine on tablet and PC!
 
Working fine here. You might need to try clearing your browser cache? Can be done from Browsing History usually..
There's something wrong with the front page. Main problem is that I haven't managed to get around to a) Working out what's wrong, b) Fixing it, or c) Putting a redirect to the forum in.
 
There's something wrong with the front page. Main problem is that I haven't managed to get around to a) Working out what's wrong, b) Fixing it, or c) Putting a redirect to the forum in.

Ah brick, yep I see now... I can see you're running Windows web server (IIS). *shudders*

To force HTTPS you'll need to enable the URL Rewrite module (likely already active) then you should be able to add the following snippet to your web.config file in the server root directory:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{SERVER_PORT_SECURE}" pattern="^0$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

Other methods are listed here: https://blogs.msdn.microsoft.com/kaushal/2013/05/22/http-to-https-redirects-on-iis-7-x-and-higher/

Not sure if that's whats causing the server error on the 'front page' though... *shrugs*
 
Ah brick, yep I see now... I can see you're running Windows web server (IIS). *shudders*

To force HTTPS you'll need to enable the URL Rewrite module (likely already active) then you should be able to add the following snippet to your web.config file in the server root directory:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{SERVER_PORT_SECURE}" pattern="^0$" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

Other methods are listed here: https://blogs.msdn.microsoft.com/kaushal/2013/05/22/http-to-https-redirects-on-iis-7-x-and-higher/

Not sure if that's whats causing the server error on the 'front page' though... *shrugs*
That's precisely what I did - not sure why it isn't working
 
Back