dreamax

  1. dreamax

    Financial Report: Hardware Costs

    Just because they have > 20k+ active users, this doesn't mean they have 20k+ page hits/second. It's correct that they use a (Ukraine-based) DDoS-protected server while relying on the (in my opinion much better) free Cloudflare service too. Spending more money on server hardware doesn't mean the site gets faster/more reliable. Currently they have 955 online users* (137 members; the guests could be easily cached, e.g. by Cloudflare) in IPB. You could easily host a 400 online members installation on a 1 GB VPS.

    *in the 15-minute window that IPB displays
  2. dreamax

    Financial Report: Hardware Costs

    $150/month for web hosting is a ripoff. At least if it's just for the website, IPB, bugtracker, control panel and item database. This could be done on one, or multiple smaller, VPS, much cheaper. Hosting the realm/world server at OVH isn't cheap either. Donating would only be an option for me if I could be sure that donations wouldn't be wasted. And by waste I don't mean donating a beer to the devs/admins, that's perfectly fine for me.
  3. dreamax

    IPB HTTPS mixed content

    Actually the posted plugin does this in a smarter way:
  4. dreamax

    IPB HTTPS mixed content

    Hi there, it will affect any images hosted on external servers. AFAIK this will only affect post content and signatures. Avatars are hosted on the local server. Most people in here are using "http://i.imgur.com/XX.png" image links. The problem would be solved by changing them to "https://i.imgur.com/XX.png".

    Example:

    Secure site: https://forum.elysium-project.org/index.php?showtopic=23775

    Mixed-content site: https://forum.elysium-project.org/index.php?showtopic=23775&page=5 (because "TheOfficialLion" sig points to http://i.imgur.com/CfqQDpx.png)
  5. Hi there, you are using nginx. If its version is >= 1.9.5 (for example nginx-1.10.2) and not the old one from the official Debian repo, you should consider enabling HTTP/2.

     HTTP/1.1:

         server { .. listen 443 ssl; .. }

     HTTP/2:

         server { .. listen 443 ssl http2; .. }

     Remember, this is only available from nginx 1.9.5 onward. Thanks, dream
  6. Hi there, actually you are allowing your users to use http:// images in their threads and signatures. This results in "mixed content" insecure browser messages. There is, however, no reason to allow this. Most image hosters already serve their images via http & https. Some users have, for example, "http://i.imgur.com/XX" images in their signature (they are available at https://i.imgur.com/XX too), leading to an insecure https message in the whole thread. So you should consider disallowing http:// based images altogether or using a plugin like this: https://invisionpower.com/files/file/7510-ssl-image-proxy/ IMHO there should be no negative effects. Thanks, dream
  7. This problem has been fixed.
  8. This problem has been fixed.
  9. This problem has been partially fixed. You've added the intermediate and the root certificate. The last one (root) is already in the browser trust store and doesn't need to be transmitted. (only cert+intermediate, see my first post)
  10. dreamax

    HTTPS mixed content

    This problem has been fixed.
  11. Hi there, you are using a 4096-bit RSA certificate, this is fine, but you rely on a 1024-bit key length for the Diffie-Hellman key exchange only. That is far too little, you should use a much longer one. (eg. 4096bit): and tell Nginx to use it
  12. Hi there, you forgot to include an intermediate in your GlobalSign certificate chain, which could lead to a "Certificate Not Trusted" error while visiting your site via https. Since you are using nginx, you can easily add it to your valkyrie-wow.org certificate as a certificate bundle. See:

      https://support.globalsign.com/customer/en/portal/articles/1290470-install-certificate---nginx
      https://support.globalsign.com/customer/portal/articles/1464460-domainssl-intermediate-certificates

      Your certificate bundle should then look like (root certificate is not needed):
  13. Hi there, your main page embeds the following non-https linked images when browsed via https://elysium-project.org/:

      http://valkyrie-wow.org/images/changepass.jpg
      http://valkyrie-wow.org/images/wereback.jpg

      This leads to a "This page is not secure" message (depending on the browser) and should be fixed.
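
Added example, not part of dreamax's posts or of the forum's own code: a small Python check for the mixed-content condition raised in posts 4, 6 and 13. It lists http:// images embedded in a page served over https and shows the https rewrite; the sample markup is constructed around URLs quoted above, and the function names are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Tag/attribute pairs that load passive sub-resources; images are the case the posts describe.
PASSIVE_ATTRS = {("img", "src")}


class MixedContentFinder(HTMLParser):
    """Collects absolute http:// image URLs embedded in a page."""

    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in PASSIVE_ATTRS and value:
                url = value.strip()
                # Relative and https:// URLs inherit or already use a secure scheme.
                if urlsplit(url).scheme.lower() == "http":
                    self.insecure.append(url)


def find_mixed_content(page_url, html):
    """Return http:// image URLs if page_url is https, otherwise an empty list."""
    if urlsplit(page_url).scheme.lower() != "https":
        return []  # mixed content only exists on a page loaded over https
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.insecure


def upgrade_to_https(url):
    """Rewrite the scheme only; the host must really serve the file over https."""
    parts = urlsplit(url)
    return urlunsplit(("https",) + tuple(parts[1:]))


# Constructed sample markup: one https image, one http signature image, one local avatar.
SAMPLE_HTML = """
<div class="post"><img src="https://i.imgur.com/XX.png"></div>
<div class="signature"><img src="http://i.imgur.com/CfqQDpx.png"></div>
<img src="/local/avatar.png">
"""

if __name__ == "__main__":
    page = "https://forum.elysium-project.org/index.php?showtopic=23775&page=5"
    for found in find_mixed_content(page, SAMPLE_HTML):
        print(found, "->", upgrade_to_https(found))
```

The scheme rewrite is only safe for hosts known to serve the same file over https, which is why the proxy plugin linked in post 6 exists for the remaining ones.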