为什么每个架构都有中心平台
This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.
本文是与SiteGround合作创建的系列文章的一部分。 感谢您支持使SitePoint成为可能的合作伙伴。
First and foremost, what does it mean for a website to use HTTPS rather than just plain old HTTP? It means that the site is secured with SSL (Secure Sockets Layer) or the more recent TLS (Transport Layer Security). If you’re not knowledgeable about the subject, this statement may mean exactly nothing to you, so let’s break it down.
首先,最重要的是,网站使用HTTPS而不是普通的旧HTTP是什么意思? 这意味着该站点已通过SSL(安全套接字层)或更新的TLS(传输层安全性)保护。 如果您不熟悉该主题,那么此声明对您可能毫无意义,因此让我们对其进行分解。
When you visit a site, and you use the https version of the URL, you are asking for the secured version of the site. In a nutshell, this means that your browser will be hoping to see a SSL/TLS certificate on the website’s server. That certificate should be granted by a verifiable Certificate Authority (CA) and basically allows your browser to interact with it via an encrypted connection. Depending on the certificate, it may also say “Look, this site is who it says it is, that’s been verified”. Once that certificate is found, a secure encrypted connection can be established between your browser and the website. Now, if anyone attempts to step in and intercept your communication, the data will be encrypted. Your ISP might be able to determine what website you went to, or how much data is transmitted back and forth, but there won’t be any further snooping happening.
当您访问网站并使用URL的https版本时,您需要的是网站的安全版本。 简而言之,这意味着您的浏览器将希望在网站的服务器上看到SSL / TLS证书。 该证书应由可验证的证书颁发机构(CA)授予,并且基本上允许您的浏览器通过加密连接与之交互。 根据证书的不同,它也可能会说“看,这个站点就是它所说的那个人,已经通过了验证”。 一旦找到该证书,就可以在浏览器和网站之间建立安全的加密连接。 现在,如果有人试图介入并拦截您的通信,则数据将被加密。 您的ISP可能能够确定您访问了哪个网站,或来回传输了多少数据,但是不会再发生任何监听。
If the website’s server is accepting HTTPS requests, but there is no valid certificate for that website, or the site’s certificate is expired, has an invalid CA, or any other issue, your browser will notify you, and attempt to prevent you from continuing. This is due to the fact that the website is saying that there is a secured connection available, but not providing one, so the browser is trying to make you aware of that.
如果网站的服务器正在接受HTTPS请求,但是该网站没有有效的证书,或者该网站的证书已过期,CA无效或任何其他问题,您的浏览器将通知您,并尝试阻止您继续。 这是由于该网站说存在一个可用的安全连接,但没有提供安全连接,因此浏览器试图让您知道这一点。
Many web servers either have a certificate, and route all incoming traffic to HTTPS, forcing you to use the secure version, or, if they have no certificate, route all traffic to HTTP, thus preventing users from trying to access a secure connection that doesn’t exist.
许多Web服务器要么具有证书,然后将所有传入流量路由到HTTPS,从而迫使您使用安全版本,要么如果它们没有证书,则将所有流量路由到HTTP,从而阻止用户尝试访问不具有安全性的安全连接。不存在。
So, now that we have a rough idea of what constitutes an encrypted connection to a website, let’s take a look at the positive impacts of obtaining a security certificate for your site.
因此,既然我们对构成网站的加密连接有一个大概的了解, 那么让我们看一下为您的网站获取安全证书的积极影响。
In 2014, Google made HTTPS a factor in search results. Their goal seemed to be to force a change, to pressure website administrators to offer proper security for their visitors. At the time, this was a big deal, and it seems to have worked. This period was the start of an upward trend in the percentage of websites that introduced SSL/TLS for part of their traffic. In fact, sites that were entirely HTTPS also went on the rise.
2014年, Google使HTTPS成为搜索结果的一个因素 。 他们的目标似乎是强制进行更改,向网站管理员施加压力,以为其访问者提供适当的安全性。 当时,这很重要,而且似乎奏效了。 这一时期是针对部分流量引入SSL / TLS的网站所占百分比上升趋势的开始。 实际上,完全是HTTPS的站点也在增加。
Of course, Google doesn’t publish all of the changes to the algorithms, but we know that HTTPS is an indicator, and it stands to reason that as more and more sites go HTTPS, that the penalty for not doing so may also be increasing. But for your site, or that of your client, isn’t a little bit of extra work in trade for ensuring that your site isn’t overlooked in favor of HTTPS enabled competitors well worth it?
当然,Google不会发布对算法的所有更改,但是我们知道HTTPS是一个指标,并且有理由认为,随着越来越多的网站使用HTTPS, 不这样做的代价可能还会增加。 。 但是对于您的站点或客户的站点而言,是否有一点额外的交易工作来确保您的站点不会因支持HTTPS的竞争对手而被忽视,这是否值得呢?
This next reason also falls into Google’s wheelhouse, a bit, but concerning a different product: Chrome. According to a blog post about HTTPS sites, starting in 2017 with Chrome version 56, any pages that used forms to collect sensitive information (such as credit cards, login credentials, etc) would now be marked as “Insecure” in the address bar, with the neutral gray icon and text.
下一个原因也落入Google的操盘手,但涉及的是另一种产品:Chrome。 根据有关HTTPS网站的博客文章说 ,从2017年开始,Chrome版本56开始,使用表单收集敏感信息(例如信用卡,登录凭据等)的任何页面现在都将在地址栏中标记为“不安全”,与中性灰色图标和文本。
So, if your site collects private user information, Chrome may already be marking it as “insecure” to your users. What will that do for your user confidence? And in future releases, Chrome will be marking all HTTP sites as “not secure” with red warnings in the bar – a clear sign to your users that they shouldn’t trust you! And Firefox does much the same thing, flagging form fields in non-HTTPS sites that may have you insecurely inputting sensitive information, and instructing users that the site is insecure in the address bar.
因此,如果您的网站收集了私人用户信息,则Chrome可能已经将其标记为对您的用户“不安全”。 这对您的用户信心有什么帮助? 在未来的版本中,Chrome会将所有HTTP网站标记为“不安全”,并在栏中显示红色警告-向您的用户明确表示他们不信任您! Firefox所做的事情也差不多,在非HTTPS站点中标记表单字段,这可能会使您不安全地输入敏感信息,并在地址栏中指示用户该站点不安全。
So, what is your users’ faith in your website worth? Even if you aren’t collecting sensitive information on your site, a visitor’s ability to browse with confidence may make all of the difference.
那么,您的用户对您的网站的信念是什么? 即使您没有在网站上收集敏感信息,访问者自信地浏览的能力也可能会带来很大的不同。
Here we come to what should be the main benefit of using HTTPS for your website – making your visitors and their interactions with your website actually secure. So, what do you actually need HTTPS for, and how will it help secure your visitors?
下面我们就来什么应该是使用HTTPS为您的网站的主要好处-让您的访客以及他们与网站的互动实际上是不安全的。 那么,您实际上需要HTTPS做什么,它将如何帮助保护访问者呢?
As stated at the beginning of this article, the key is encrypted web traffic. When using regular HTTP, your Internet traffic – the forms you fill out on the sites you go to, the information you exchange with them, that can all be intercepted. With HTTPS securely in place, your submitted usernames, passwords, credit card and other financial information – it’s all encrypted. Well worth the effort to set up HTTPS for your website, when the return is a security boost for everyone who uses your website!
如本文开头所述,密钥是加密的Web流量。 当使用常规HTTP时,您的Internet流量-您在所访问的站点上填写的表单,与它们交换的信息都可以被拦截。 使用HTTPS安全地安装了您提交的用户名,密码,信用卡和其他财务信息-所有这些信息均已加密。 值得一提的是,为您的网站设置HTTPS,这对于每个使用您的网站的人来说都是安全的提高!
Granted, some sites don’t deal in these kind of transactions, so this reason, the most compelling for some, may be the least compelling for others.
当然,有些站点不进行此类交易,因此,对于某些站点而言,最引人注目的原因可能对其他站点而言最不吸引人。
Regardless of which specific reason speaks to you most, the fact is that your website needs HTTPS! For small sites this can be a simple and free process, using things like Let’s Encrypt. For more complex ones, you may determine that an immediate switch to HTTPS is logistically challenging. The fact remains that it’s a better solution in the end, though, so you’ll want to make a plan and enact it as soon as you can!
不管哪种特定原因最能与您交流,事实是您的网站需要HTTPS! 对于小型站点,使用Let's Encrypt之类的过程可以是一个简单而免费的过程。 对于更复杂的服务器,您可能会认为立即切换到HTTPS在后勤方面具有挑战性。 事实仍然是,它最终是一个更好的解决方案,因此您将要制定一个计划并尽快将其制定出来!
So, if you’ve decided to get a certificate for your site and go the HTTPS route, the next question is how you would like to proceed. You have a few choices:
因此,如果您决定为您的站点获取证书并采用HTTPS路由,那么下一个问题是您希望如何进行。 您有几种选择:
Check out Let’s Encrypt. Let’s Encrypt is a free service, where you use their command line tools to create and set up your own certificates on your VPS or server. The certificates are free, but have to be renewed every 90 days. However, this process can be automated, so it’s not as bad as it might seem.
查看“ 让我们加密” 。 让我们加密是一项免费服务,您可以在其中使用他们的命令行工具在VPS或服务器上创建和设置自己的证书。 证书是免费的,但必须每90天更新一次。 但是,此过程可以自动化,因此它并不像看起来那样糟糕。
Look for a hosting provider that includes an SSL certificate in their hosting plan, like our partner, SiteGround. SiteGround offers free Let’s Encrypt certificates with each of its hosting plans by default, so you won’t need to make any complex configurations. The certificate will be renewed automatically with your SiteGround hosting account and supported by all most popular browsers.
寻找一个在其托管计划中包含SSL证书的托管服务提供商,例如我们的合作伙伴SiteGround 。 默认情况下,SiteGround提供免费的Let's Encrypt证书及其托管计划 ,因此您无需进行任何复杂的配置。 该证书将使用您的SiteGround托管帐户自动续订,并且受所有最受欢迎的浏览器支持。
Purchase an SSL certificate yourself from a certificate authority such as Verisign, Digicert, or Comodo. Note that in this case you’ll have to pay both for the certificate and upload it to your hosting provider or set it up yourself, if using your own server or VPS and also take care of its renewal afterwards. 自己从证书颁发机构(例如Verisign,Digicert或Comodo)购买SSL证书。 请注意,在这种情况下,如果您使用自己的服务器或VPS,则必须同时支付证书的价格并将其上载到托管服务提供商或自行设置,并在以后进行更新。Regardless of which you choose – pick a method, and get your website running with HTTPS today!
无论选择哪种方法,请选择一种方法,并立即使用HTTPS运行您的网站!
翻译自: https://www.sitepoint.com/why-every-website-needs-https/
为什么每个架构都有中心平台
