Quantcast

[Salix-main] SSL certificate for website

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Salix-main] SSL certificate for website

George Vlahavas
I have just installede an SSL certificate for our forum, our wiki and the
start page.

>From now on all connections to forum.salixos.org, docs.salixos.org and
start.salixos.org should be using the https protocol.

There is nothing that users should do, old http links should automatically
redirect to the corresponding https link now. The only difference should
be that you should now see a lock on your browser's URL field next to
indicate that this is a secure connection.

You can also use https://salixos.org or https://www.salixos.org to access
the main page, but I have set up no automatic redirect in this case, since
it's only just a static page and no user information is broadcasted.

There shouldn't be any problems at all, the only difference should be that
your access to the wiki or forum is now encrypted.

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Salix-main] SSL certificate for website

Cyrille Pontvieux-2

Wonderful !

Was it simple to use Let's Encrypt?

Cyrille

Le 2016-02-24 01:53, George Vlahavas a écrit :

I have just installede an SSL certificate for our forum, our wiki and the 
start page.
From now on all connections to forum.salixos.org, docs.salixos.org and
start.salixos.org should be using the https protocol.

There is nothing that users should do, old http links should automatically 
redirect to the corresponding https link now. The only difference should 
be that you should now see a lock on your browser's URL field next to 
indicate that this is a secure connection.

You can also use https://salixos.org or https://www.salixos.org to access 
the main page, but I have set up no automatic redirect in this case, since 
it's only just a static page and no user information is broadcasted.

There shouldn't be any problems at all, the only difference should be that 
your access to the wiki or forum is now encrypted.

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main

 

 

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Salix-main] SSL certificate for website

George Vlahavas

On Fri, 26 Feb 2016, Cyrille Pontvieux wrote:
> Wonderful !
>
> Was it simple to use Let's Encrypt?

It was, after I spent some time going through the numerous different
clients. Most of them were not to my liking. The official client does
everything, but it needs far too many extra dependencies. It also requires
to be run as the root user and I didn't like that. Most of the other
clients require to be run as root too, so they were out as well. Other
automate too much. I wanted to be aware of what's happening and not
blindly run some script that I wasn't sure what it was going to do. I
finally used acme-tiny, written in python, it's less than 200 lines and
with no extra deps:

https://github.com/diafygi/acme-tiny/

As long as you setup things with proper user separation in the server, you
don't need to grant it root access. It just needs to have access to where
the temporary challenge files will be. The instructions in the README file
are clear I think (they are not for many of the other clients).

A word of caution if you want to use Let's Encrypt: at first, until you
know for sure that you have set everything properly, edit the
authorization script (in this case acme-tiny.py) and switch to the staging
API. This will let you do everything and when all goes well and there are
no problems, then switch to the official API to complete the process. You
only get 5 tries/week with the official API and then you're blocked.

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Salix-main] SSL certificate for website

Tim Beech
Here's someone else who chose it for the same reason, and gives an
interesting account:

http://www.gilesorr.com/blog/acme-tiny.html

On Fri, 26 Feb 2016, George Vlahavas wrote:

>
> On Fri, 26 Feb 2016, Cyrille Pontvieux wrote:
>> Wonderful !
>>
>> Was it simple to use Let's Encrypt?
>
> It was, after I spent some time going through the numerous different
> clients. Most of them were not to my liking. The official client does
> everything, but it needs far too many extra dependencies. It also requires
> to be run as the root user and I didn't like that. Most of the other
> clients require to be run as root too, so they were out as well. Other
> automate too much. I wanted to be aware of what's happening and not
> blindly run some script that I wasn't sure what it was going to do. I
> finally used acme-tiny, written in python, it's less than 200 lines and
> with no extra deps:
>
> https://github.com/diafygi/acme-tiny/
>
> As long as you setup things with proper user separation in the server, you
> don't need to grant it root access. It just needs to have access to where
> the temporary challenge files will be. The instructions in the README file
> are clear I think (they are not for many of the other clients).
>
> A word of caution if you want to use Let's Encrypt: at first, until you
> know for sure that you have set everything properly, edit the
> authorization script (in this case acme-tiny.py) and switch to the staging
> API. This will let you do everything and when all goes well and there are
> no problems, then switch to the official API to complete the process. You
> only get 5 tries/week with the official API and then you're blocked.
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> _______________________________________________
> Salix-main mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/salix-main
>

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [Salix-main] SSL certificate for website

George Vlahavas

On Fri, 26 Feb 2016, tim.beech wrote:

> Here's someone else who chose it for the same reason, and gives an
> interesting account:
>
> http://www.gilesorr.com/blog/acme-tiny.html
>

Yes, that's mostly what I did too. For the last step (restarting the
nginx/apache service), which you will need to do whenever you renew the
certificate as well, you can get away with it with the appropriate use of
sudo and editing the sudoers file.

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Salix-main mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/salix-main
Loading...