MigrateToFlarum Lab, the health scanner for Flarum

Ralkage

Wadera someone killed it 😢 was about to use it too lol

clarkwinkelmann

Sorry everyone, should be back up now.

CyberGene

Thanks for this service, I managed to transform my forum from D to A+ 🙂 Wasn't easy since I'm on Siteground which ignores the .htaccess file, so had to create custom ignore URL-s on the Siteground interface as well as modify my DNS records, page forwarding rules on CloudFlare and other settings (enable HSTS for example).

clarkwinkelmann

I have added a new page to the website https://lab.migratetoflarum.com/stats

For now you have stats about ratings and extension count, but I'm thinking of adding Flarum version, javascript size and page generation time. Let me know if you have any other idea! (the stats are generated from data I already have inside the scans in the database)

The minimum extension count probably doesn't make much sense because it likely refers to a scan where I was unable to find all extensions.

010101

clarkwinkelmann No ideas. I just think the things you make are really neat. Nice addition.

DarkXero

Scan results show risk how to fix ? Am not knowledgeable at all so be gentle https://lab.migratetoflarum.com/scans/01341758-c85d-4b55-b9a6-66e1ef6a10ef

askvortsov

DarkXero You have 2 issues:

www.techxero.com needs to return a 301 redirect to techxero.com. Currently, both URLs return the site.
You might want to enable HSTS headers which will require that your site be served via https.

DarkXero

askvortsov like I said not knowledgeable so need guidance

clarkwinkelmann

DarkXero you can use this extension to obtain the correct configuration in "1 step" https://discuss.flarum.org/d/19307-canonical-url-redirect

If you want to do it "the proper way" without an extension, you can search something like "<your hosting> force www" or respectively "no-www" depending on your preferred domain. If your hosting is managed, it might be one click in the management panel. Or it might be in your provider's online documentation. If it's a VPS or if there's no documentation, you can search for "<webserver> force www", for Apache, Nginx or other webserver.

Basically there are many different ways to achieve it depending on your exact hosting situation. If you need further help, please let us know what kind of hosting you are using for your forum and which company provides it.

DarkXero

clarkwinkelmann My hosting is shared with limited access... Plus no idea where to fix that... But will try extension easier

Darkle

You got me with this! first time I've seen it 😂

clarkwinkelmann

Darkle ahah, oops. I forgot to disable the April Fools mode! It's gone now 👀

There are a few special extensions that appear when this mode is enabled 😇 I have enabled it each year but you might be the first visitor to actually notice 😂

Valeyard

Awesome resource, thanks!

clarkwinkelmann

The lab is now able to scan forums running Flarum 1.4.

While the release contains no breaking changes for extension, there was an important change to the inline javascript/json in the homepage I had not noticed in advance and of course it broke everything in my script.

In future lab updates I will probably start dropping compatibility with older Flarum betas, at the moment you can still scan forums that run versions as old as Flarum beta 7 (the current Flarum release when the lab was launched). The code starts getting a bit complicated with all the changes during the years.

fakruzaruret

Can we control extension's version control? Which is updated which is not updated? I think it should list unupdated extensions and show the last versions. Thank you very much for this great tool. @clarkwinkelmann

clarkwinkelmann

fakruzaruret I'm not sure what you mean I could/should change on the lab or what are you suggesting people do?

The lab tries to warn of extension updates but it's very limited in the ways it can guess the current version of the extension. If the lab isn't sure the extension is outdated, it won't say anything.

To check for updates on your own forum more accurately, you should use Mercury or the composer outdated -D command.

fakruzaruret

clarkwinkelmann such as mercury.

I used composer update -w command to update extensions but it does not works always. For example fof/sitemap extension is not updated this command. Then I found the new version (2.x) and I tried to update it changing composer json file. I learned the new version by chance. Composer outdated -Dshows other packages like illuminate etc.

Mercury shows a list current version and last versions. This is nice view to examine. But currently I cant use it I get error 🙁

https://discuss.flarum.org/d/27620-mercury-the-extiverse-extension-to-understand-extension-updates

command: php flarum mercury:update-check

CyberGene

May I suggest that you make the option to not publish the results the default one? Because from my understanding this is where a lot of recent Chinese spammers are getting their way to raid Flarum forums.

clarkwinkelmann

The Lab has been updated to detect Flarum versions 1.6.0, 1.6.1 and 1.6.2.

New scans for version 1.5.0, 1.6.0 and 1.6.1 will receive rating "D", won't appear on the homepage, and show a warning about the recent Flarum vulnerability with a link to https://discuss.flarum.org/d/31999

clarkwinkelmann

I have marked all Flarum versions that the lab can recognize (beta 7 to stable 1.6.1) as vulnerable.

The Lab cannot tell Flarum version 1.6.3 apart from 1.6.2 since all changes are server-side and you need an account to probe for the vulnerability, so 1.6.2 will not show a vulnerable rating. You should still update as soon as possible if you are still running Flarum 1.6.2.

If you are wondering why the list of recent scans disappeared (already a few weeks ago), the SQL query that fetched that information was poorly written and there are now so many entries in the database that the whole website would time out because of it. I still haven't had time to rewrite it properly, so for the time being the list is hidden.

« Previous Page