During installation, try to automatically force HTTPS, or invite users to setup SSL via Let's encrypt #12654
Labels
c: Privacy
For issues that impact or improve the privacy.
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Milestone
The goal of this issue is to make sure most users will use Matomo over SSL all the time. Using SSL is very important and we need to remind users they should have it enabled by default.
Context
These days It is basically required to run Matomo over SSL for anyone using Matomo seriously. This will also help users achieve GDPR compliance #12600 as it's essential to use HTTPS for Matomo and GDPR compliance.
We are doing some work also in other issues:
Solution
Here the proposed solution is that during installation (maybe even in the very first screen?) we would display a new checkbox "[x] Use HTTPS for secure data transfer with Matomo"
have a SSL certificate for your domain, we recommend to use (or ask your technical team) Let's encrypt to generate free SSL certificates".
initially suggested by @sgiehl in #7279 (comment)
The text was updated successfully, but these errors were encountered: