let’s encrypt the web!

Letsencrypt is finally in public beta!

Got from ssllabs.com https enabled on my own play webhost today with let’s encrypt!

There are many good guides for getting this set up. This is how I got it working with nginx (without using the experimental nginx plugin of letsencrypt).

On the webhost (not as root):

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto
# eventually this generates some certificates into /etc/letsencrypt
# of course you should read scripts before running anything; there are, for example, acme-tiny, gethttpsforfree.com and letsencrypt-nosudo that might be better.
# Mozilla has some server-side SSL recommendations at https://wiki.mozilla.org/Security/Server_Side_TLS

Modify your nginx site file to have something like this:


server {
    listen [::]:443 ssl ipv6only=off;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_session_cache shared:SSL:50m;
    ssl_session_timeout 5m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;
    # ssl_stapling on;
    # ssl_stapling_verify on;
    # resolver 193.166.4.24;
    root /var/www;
    index index.html index.htm index.php;
    # Make site accessible from http://localhost/
    server_name localhost;
    add_header Strict-Transport-Security "max-age=15724800";
}
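
An added example, not part of the original post: a small Python check that reads an nginx server block and flags departures from the settings used above (protocol list, cipher exclusions, ssl_dhparam alongside DHE ciphers, fullchain.pem, HSTS). The function names and both sample configs are constructed for illustration.

```python
import re

# Protocol versions that the post's ssl_protocols line leaves out.
DISALLOWED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}
# Exclusions taken from the end of the post's cipher string (a subset).
REQUIRED_EXCLUSIONS = {"!aNULL", "!eNULL", "!EXPORT", "!RC4", "!MD5"}

def parse_directives(conf):
    """Map directive name -> list of values for simple `name value;` lines."""
    found = {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # commented-out directives are ignored
        m = re.match(r"(\w+)\s+(.+);$", line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2).strip())
    return found

def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    d, findings = parse_directives(conf), []
    protocols = set(" ".join(d.get("ssl_protocols", [])).split())
    for p in sorted(protocols & DISALLOWED_PROTOCOLS):
        findings.append(f"ssl_protocols enables {p}")
    ciphers = " ".join(d.get("ssl_ciphers", [])).strip("'\"").split(":")
    missing = REQUIRED_EXCLUSIONS - set(ciphers)
    if missing:
        findings.append("ssl_ciphers lacks " + ",".join(sorted(missing)))
    uses_dhe = any(c.startswith(("DHE-", "kEDH")) for c in ciphers)
    if uses_dhe and "ssl_dhparam" not in d:
        findings.append("DHE ciphers listed but ssl_dhparam is not set")
    if not d.get("ssl_certificate", [""])[0].endswith("/fullchain.pem"):
        findings.append("ssl_certificate does not point at fullchain.pem")
    hsts = re.search(r'Strict-Transport-Security\s+"?max-age=\d+',
                     " ".join(d.get("add_header", [])))
    if not hsts:
        findings.append("no Strict-Transport-Security header with max-age")
    return findings

# Constructed samples: GOOD mirrors the post's settings, cipher list shortened.
GOOD = """server {
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  ssl_protocols TLSv1.1 TLSv1.2;
  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
  ssl_dhparam /etc/nginx/dhparams.pem;
  add_header Strict-Transport-Security "max-age=15724800";
}"""
WEAK = (GOOD.replace("TLSv1.1 TLSv1.2", "SSLv3 TLSv1 TLSv1.2")
        .replace("fullchain.pem", "cert.pem").replace("ssl_dhparam", "# ssl_dhparam"))
print("GOOD:", audit(GOOD), "WEAK:", audit(WEAK))
```

The parser only understands one directive per line, which is enough for a site file laid out like the one above.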
Posted at 4pm on 05/12/15 | No Comments » | Filed Under: IT

Was there an NHL game last night?

Yesterday my Internet activities were restricted unnecessarily!

While waiting for the replay of last night’s NHL game to air, I didn’t want to browse quite a large chunk of my normal Internets – because knowing the score while watching the game sucks. Unbeknownst to me – there was no game last night! Cue impatience, etc.

No more! (at least for the remainder of the 2015 edition of the Stanley Cup).

Introducing: http://wasthereannhlgamelastnight.appspot.com/

Today (2015-06-07) it says YES, hopefully tomorrow (2015-06-08) it will say NO :) //update – it did!

This is my first trek into the Google cloudappengine thingy. Very much a work in progress, but it’s enough for now.

Posted at 8pm on 07/06/15 | No Comments » | Filed Under: IT

