I enabled TLS for the board and all subdomains here this morning.

Please let me know if there are any issues.

Also note: HSTS is enabled, so if you visit the board via TLS, your browser should enforce all future traffic via TLS from that point forward.

I find that HTTPS works okay.

But HSTS doesn't appear to be active? What did I do wrong?

rwasa is definitely sending the correct header: ... I suppose it depends on your browser as to what action is really taken as a result. The wikipedia article on it (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) contains a browser support section...

Also see: https://www.ssllabs.com/ssltest/analyze.html?d=board.flatassembler.net&hideResults=on for further information, specifically the "Protocol Details" section where it lists the various features that rwasa is performing.

Edit: Since the board's version of rwasa is the library's default, rwasa is configured to blacklist malicious TLS session attempts, so when the test at ssllabs was finishing, rwasa subsequently blacklisted their testing client (hence all of the "Server sent fata alert: access_denied" in the handshake section). All the rest of the protocol details are there and correct, but if ssllabs' cache is less than the blacklist period of 1 day, that result page may not work correctly.

Oh, I am sorry. I was trying the other links, but now I see that they are hardcoded to HTTP in the source: Everything is fine.

There is presumably a phpBB setting for the base URL of the board, modifying that to point to https:// would be a good thing IMO.

"https://" works fine for me, using Chrome on Chrome OS.

glad to have https://, thanks redsock!
so the whole fasm php phpbb forum running in rwasa web server now?