-
Notifications
You must be signed in to change notification settings - Fork 798
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable SSL on hastebin.com #82
Comments
That would require @seejohnrun to buy a SSL certificate which costs money. Not sure if he is willing to do that for this project. |
We use nginx to display a certificate and proxy pass it to http://localhost:7777 which is our solution fo rthis. |
You can get free SSL certificates at StartSSL |
I would rather suggest that @seejohnrun is looking into CloudFlare's free UniversalSSL solution which they've released two or three months ago: https://www.cloudflare.com/ssl |
@frdmn StartSSL is more trustworthy than CloudFlare SSL, as this article explains. |
We are using StartSSL as well. It is the better option for us since we don't want CloudFlare to interfere. I've run into many problems with my websites on CloudFlare like their inability to allow me to stream large amounts of data to my sites. |
you can try https://letsencrypt.org/ |
I can confirm that LE does not cause any issues with haste. LE is being looked into as an option. |
Please setup a 301 redirect from http://hastebin.com/ This came up in our current discussion here: |
First time I used free certs of StartSSL and wont to change to others, until I got a news that Chinese company which now owner of StartSSL, violated many rules for certificate centers and then Google and Mozilla notified about removing certs of some Centers, include StartSSL. So, I very quickly moved to letsencrypt and still use it. I personally see sense in SSL when login, when typing personal or sending any confidential and private info (Or just keep security of private self-codes web chat, etc.), and it is not needed if using it on news, information sites (just to read, with no input from visitor, maybe search or something). And, are you really trust pastebin services to use them for your secret plans sending by them to colleges? Even fact of non-encrypted store on server side makes ability to read that by hacking of server. I think if sense for this, I suggesting to implement a "secure pastes with password or closed key" option which also encrypts data on client side and server receives and stores encrypted data. So, we will have regular pastes for publicity and private pastes which are encrypted and requiring password to open them. |
I agree with @Wohlstand; I have an instance of hastebin that uses LetsEncrypt (https://ma.tc)on my personal server...even I cant guarantee it's security on the long run. Yes the connection is safe through LetsEncrypt, other than that, I can't be 100% certain that my server has not been compromised. |
Hastebin runs behind cloudflare as of a bit ago - please re-open if there's an ongoing issue |
Can you add cloudflare in front of hastebin.com and enable SSL?
The text was updated successfully, but these errors were encountered: