My username is epiz_29549734 (I tried to put my domain URL but your forum tells me I can only have two links in a post)
Error Message
I am attempting to link an image that is hosted on my domain onto a community forum on another domain, but the image shows as a broken link. The image works when I type the URL directly into my browser, but does not show in my post on the forum.
As you can see, the second image in the post just shows a broken link
My question is, is this a configuration setting that I am able to alter myself, or is it something that you guys at infinityfree have specifically prevented? (I understand that you have policies around file sharing and what-not, has this been inadvertantly been prevented as a solution to prevent file sharing?). If it is outwith my control, is there a way you can enable this behaviour for images? If it is something that I can control, can you tell me how I can do it within the adminpanel/cPanel?
Thanks!
PS. Yes, I know I can just go to somewhere like imgbb - but since this is my domain, and its something I’ve never had an issue with before with previous hosts/self-hosting, I’d like to be able to continue as I always have done, if possible. I do understand however if its something that isn’t possible to change because of the file-sharing issue. Seems a bit sledgehammer-y to crack a nut, to prevent image hot-linking, however. As an IT professional of 20+ years experience, I know its possible to allow this without allowing file-sharing, but as long as theres a technical explanation as to why you can’t do it, I’ll be happy
Understood - I get the reasoning, just wanted to double-check that it wasn’t something I had inadvertently enabled. Thanks for the quick reply.
Slightly irritating that you are classifying linking an image as “file sharing” - but I get that this too could be open to abuse. There’s work-arounds available, so… harm no foul. Cheers.
Thank you for this guide, GreenReader9 - but what this has to do with image hot-linking, I am not too sure?
I already have https:// enabled with the lock icon and a nice wildcard certificate from the good people at Let’s Encrypt, with an automated renewal system in place to renew before the 90 days are up.
It’s quite easy to do, even for infinityfree free hosting accounts. It doesn’t require an external tools, just the ability to add a TXT record via your DNS/domain name provider (In my case that is porkbun.com). Adding the TXT record with the information required by Let’s Encrypt proves that you own the domain, and then they can issue wildcard certificates for your domain, e.g. *.yourdomain.com.
This is very easy to do if you don’t use the infnity nameservers. In my case, when I created my account, I switched the nameservers to ns.epizy.com for the duration required to create my account (I was able to switch them back within 15 mins). That way I retain full domain control of all my DNS records, my email host/forwards are unaffected, and my other sub-domains for the services I have been running for the past two years remain unaffected.
The only thing I needed was a free webhost, and infinity ticks (nearly) all the boxes. Prior to using infinity, I had been self-hosting my own website using a Rasberry PI cluster, using a PI 4 as a load balancer, with a cluster of four PI 3B as a web-cluster, and used NGINX as my load balancer/proxy on each PI.
Yes, I will miss using SSH and command line access, but now my web traffic won’t be eating up my home broadband connection
It’s really just a system that blocks non-browsers. It’s not setup to block x and not y or z.
Because instead of the image being loaded from IF’s servers, it is loaded though Cloudflare instead, bypassing the security protocol IF has in place. If you want that image on the other site (hotlinking), just connect your site to Cloudflare, than it will work since IF’s servers will not know the origin of the request, and therefore not block it.
That’s the reason I use Cloudflare, but not sure if you are talking about that or a different DNS service.
Just to be clear: this system is not intended to stop file sharing. That’s primarily what the file size limits are for.
The security system is intended to keep bad bots from your website, and also to help enforce the rule of “our hosting is for websites only”.
I know, off topic, but wait.
Are you saying you have Let’s Encrypt certificate without external tools AND automatic renewal AND domain provider integration?
Because you always need an ACME client to use Let’s Encrypt (the external tool) and our control panel still requires you to upload the certificate by hand (automatic renewal). And the TXT validation changes with every renewal, so you’ll need to update that by hand unless if you have software to talk to your DNS API to automate that.
What I did not realize were that wildcard domains can now be used in the control panel. I thought this was impossible. Interesting, it would make domain validation a lot easier in our panel too.
To clarify - the tool I am using is Certify The Web https://certifytheweb.com and it automates the process. It produced the TXT elements required for DNS verification/ownership, and this remains the same when you need to renew your certificate (it was either the Let’s Encrypt TXT fields, or ones generated by Certify The Web, and it asked me to leave them in place otherwise I would have to go through manual configuration next time in 90 days).
Since I am using Porkbun.com to manage my DNS, and kept their nameservers, adding the field was easy.
The only thing I need to do manually is paste in the new private key into the infinityfree cPanel, and the related chain. IIRC that’s the top and bottom boxes - the middle one remained blank.
So it’s not completely automated, but near as dammit - I’m sure there could be some script knocked up to automate the pasting of the certificate, but TBF I would rather do that manually than risk any password(s) being inadvertantly leaked by putting them in script(s). I’m sure you guys could fully automate the process since you will have command line SSH access to your box rather than having to do with the limitations of a cPanel (even if it is a good cPanel, it’s still not SSH )
From the client About box:
According to the about information within the tool (windows client) it automates TLS/SSL certificates from ACME enabled Certificate Authorities including Let’s Encrypt, BuyPass Go, SSL.com and ZeroSSL.
Actually, it would have been even easier for me to apply my certiicate(s), since porkbun.com actually has SSL certificates, application and renewal, all built into and for free, within their DNS frontend - however they automatically issue keys above 2048bit, which are not able to be used in the free hosting package from infinityfree - so I had to ditch those ones and generate my own lower bit keys.
Sorry for the multiple replies Just noticed you asked whether I managed it without external tools - I think I may have exagerrated that slightly, since certify the web is technically an external tool - since you would have to use the Let’s Encrypt linux program to get your certificates, this tool is simply the windows version of the same (with bells on) and hence what I meant was, other than the tool you HAVE to have to get the certiificate (whether its the let’s encrypt program or another program to issue your certificate) you don’t need any EXTRA tools over and above the mandatory one. Phew… sorry for the verbosity, thats my asberger’s taking over…
But that’s just as much “automated” as our own Free SSL Certificates tool is if you’re using the Let’s Encrypt provider. GoGetSSL isn’t quite as automatic because they create a new CNAME record for every validation, but our Let’s Encrypt CNAMEs are consistent.
Looking at _acme-challenge.thebotfactory.net, it points to a CNAME record from acme-dns.io. Which is pretty much what we do too, but with our own DNS servers to push the TXT records to.
I also played around with the wildcard certificates, and it seems fairly straight forward to reproduce here. So then people would only have to add one CNAME record instead of two.
Web scraping has also crossed my mind, but it just seems too fragile to rely on website parsing for such an important feature.
Sadly, we aren’t any more able to automate this than you are. InfinityFree gets the hosting from iFastNet, and until they provide an API to install SSL certificates, I can’t automate it.
Interesting, I didn’t know some of those companies had ACME API’s! There might be something useful in there.
You’re using external software (Certify The Web) and an external service (Acme DNS). So I would say that’s most definitely with external tools.
There are tons of tools to issue Let’s Encrypt certificates. Certbot is the most well known one for Linux, but I’ve also used Dehydrated and GetSSL.
But the client area doesn’t use the “Linux tools” per se, it actually uses AcmePHP Core, a library which can be hooked into other PHP code bases. Like the client area.
No problem! I love discussions like this, it’s always great to learn from the experience of others!
Certbot was the one I was thinking about about but couldnt recall its name. Because Im not using your name servers, I couldnt use your built-in system, else I probably would have done just that
Our SSL Certificates tool can be used with any nameservers. All you need is the ability to set CNAME records, which can be done almost anywhere.
Most of the instructions about setting it up are aimed at our nameservers, since that’s what most people are using and we can’t provide instructions for every DNS provider in existence. But that doesn’t mean you have to use our nameservers.
Thanks really great! Thanks - perhaps you should make it more clear that you can do this? When I looked in the cPanel, the only reference I found was the SSL/TLS button, which just opens a page to paste your certificates in, so I just presumed that I had to go away, get my own, and then paste them there. I didn’t realise you could generate them with the free tier package! Guess I just didn’t look hard enough - assumption, you know what they say about assumption
The control panel is off the shelf software from iFastNet, the free SSL certificates tool is something I custom built for InfinityFree. The control panel has no references to it because the same text is shown for brands other than InfinityFree who do not provide SSL certificates.
That said, it’s useful feedback, and I can try if something can be done to add a link there.
Yeah - I finally found the SSL request, and its outside of the cPanel in the main website, which is not somewhere I visit regularly since I bookmarked the client area for my main website account It was only when going to the homepage to click the community forum that I finally saw the SSL button! AHAAAAA that’s what everyone is talking about, not the SSL/TLS button inside the cPanel… D’OH!
