On Wed, Feb 22, 2017 at 7:14 AM, John P. New <wikitech(a)hazelden.ca> wrote:
I am running MediaWiki 1.28 on a shared host, which
means no access to
node.js. So in order to run Parsoid and RESTbase I have installed both on
my home server. As such, I have no way of getting a trusted SSL certificate
for it; the most I could do is a self-signed certificate, which I am sure
will cause as many browser complaints as the current mixed-content does.
VE calls are proxied through the wiki; you can serve them in SSL but make
the wiki -> Parsoid server calls in plaintext.
That said, you should definitely use Let's Encrypt; it's very easy to set
up and you have one less script injection / cookie stealing vulnerability.