I just setup my own pod and have https configured (using let’s encrypt for cert). Everything is working great except images still come across as http. How do I force images to go over https as well?
Thanks!
Are these images hosted by your pod or images embedded from other sources on the web? If the latter, they can only be delivered via HTTPS if the originating site supports it; and then only if the link a user has posted contains https:// rather than http://
The only way to enforce all images to be delivered via HTTPS would, I think, be to enable camo on your pod.
These are images hosted on my pod.
What’s camo? I haven’t heard of that before.
When they are from your pod then you probably configured your pod url without https in the diaspora.yml. You can change that, but this doesn’t affect existing images (because the URLs are stored in the database and federated), but new uploaded images should be with https.
Thanks for the info! Can I go into the table in the database that stores the image URLs and just change those to https for existing images?
You can, but only on your pod, on other pods you can’t do that, they’ll keep your existing images with http. However, when you have a working redirect from http to https and add a HSTS header to your pod, the browsers of the users should redirect everything to https, so it shouldn’t be a big problem when they are still http.
I just noticed that the URL in my diaspora.yml has :80 at the end of it. After I change it from http to https should I leave it like that, take the :80 off, or change it to :443?
You shouldn’t add :80 or :443 to the URL (and you should remove it, https with 80 wouldn’t work). If your existing users now have the :80 included in their diaspora ID they will ever federate via http or have problems with federation (I never tested that scenario, I have no idea if this works or if it makes trouble in the future. Changing http to https on other ports work, but changing :80 to https … I have no idea)
New users created without a port should work, and if your existing users don’t have 80 in the diaspora ID they would work too.
They do have :80 in their usernames. Would that be as simple as going into the users table and removing the :80 or should I just leave that as is?
That’s the problem with a federated system. When they already communicated with other pods, they have the :80 in their database too, and as said, you can’t edit other pods. And you shouldn’t edit that on your database, because that would break federation for sure, because they then try to federate with the ID without the :80 and other pods only know them with :80, but would reject the variant without it, because both have the same GUID.
I think diaspora removes the :80 from the pod url for federation, so I think a switch to https should still work (even when they will have the :80 forever in their ID). However I don’t know about other systems, if that would be a problem for them. Also I can’t guarantee if that will never be a problem in the future.
If you didn’t change the url in the diaspora.yml yet, you can drop the database and start with a new database and the fixed url (as the comment above the url in the diaspora.yml says), where every user has the correct diaspora ID without the port. But you would lose all existing users and posts.
Thank you so much for your help!!