Make ubuntu-mate.org HTTPS-only

security

#1

Users of the “HTTPS Everywhere” plugin get the ubuntu-mate.org main site in HTTPS automatically, but everyone else explicitly has to open it with https://ubuntu-mate.org.
Would it be possible to have http always redirect straight to https for the entire site?


#2

I think this would make it more private and that is a good thing.
Is the site available in ipv6?


#3

Is it possible that the site can be set to https only @lah7?


#4

You’d have to ask @Wimpy on this one. I do not have control over hosting or the actual server settings.

As far as I’m aware, the server already prefers HTTPS when available. Typing in http://ubuntu-mate.community already redirects to HTTPS in Firefox and Chrome for instance.

Not sure on the benefits on HTTPS only? :confused:


#5

It ensures you always have the benefits of HTTPS (encryption+authentication). If it is merely optional, unless you use plugins like HTTP Everywhere, you explicitly need to specify the protocol so you get the HTTPS version of the site.
Most people will just type “ubuntu-mate.org” and thus get the plain HTTP version.


#6

As @lah7 says this community, which handles authentication credentials, is only available via https.

Originally the main ubuntu-mate.org site was also https only too, but Windows XP user (Yes, I know) couldn’t download the iso images etc. So the main site can be accessed via http too. But I’m going to be switching back to https only for all sites in a couple of months. Just wanted to give some XP hold outs time to download and migrate to Ubuntu MATE :slight_smile:


#7

A post was split to a new topic: Certificate problem with ubuntu-mate.org


#8

Hi,

any Updates to make ubuntu-mate.org site https only?
Seems the community is the only https-section.

In my opinion Downloads of iso’s should be https secure only.

https://cdimage.ubuntu.com/ubuntu-mate/releases

pappl