
  • Moving to HTTPS

    October 5th, 2017
    https, tech
    About a year and a half ago I added HTTPS support to my sites but kept them running on HTTP for the time being. Chrome plans to eventually mark all HTTP pages as "Not secure", however, and HTTP is in fact not secure, so today I decided to switch over to HTTPS as the default.

    Since Ubuntu 16 LTS ships with a very old version of the Let's Encrypt client I followed their instructions to move to a recent version. Then I put the following in my root crontab:

    28 11 * * * certbot renew --quiet --post-hook "service nginx restart"
    

    This runs the command daily at 11:28, which is a time I chose randomly. Random is good here: it keeps the load on the Let's Encrypt servers more consistent.

    This tells the client to renew whatever cert I currently have, which I had originally generated with:

    sudo letsencrypt certonly \
       --webroot \
       -w /var/www/    -d www.jefftk.com \
                       -d     jefftk.com \
       -w /var/www-fr/ -d www.freeraisins.com \
                       -d     freeraisins.com \
       -w /var/www-lw/ -d www.lilywise.com \
                       -d     lilywise.com \
       -w /var/www-tc/ -d www.trycontra.com \
                       -d     trycontra.com \
       -w /var/www-aw/ -d www.annakaufmanwise.com \
                       -d     annakaufmanwise.com \
       -w /var/www-oc/ -d www.olivercumming.com \
                       -d     olivercumming.com \
       -w /var/www-bd/ -d www.bidadance.org \
                       -d     bidadance.org \
       -w /var/www-rs/ -d www.regularlyscheduled.com \
                       -d     regularlyscheduled.com \
       --email jeff.t.kaufman@gmail.com \
       --agree-tos
    

    To switch over to HTTPS I've put:

    server {
      listen 80 default_server;
      server_name redirect_to_https;
      return 301 https://$host$request_uri;
    }
    

    in my nginx config and removed all my listen 80 directives.

    Since I'm still not 100% confident in my HTTPS setup I've put listen 8080 directives for each of my sites, so that it's possible to visit www.jefftk.com:8080 etc over HTTP.
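One way to check a cutover like this for each site, as an added example that is not part of the original post: confirm that port 80 answers with a 301 to `https://$host$request_uri`, and that the certificate on 443 validates for the name and is not close to expiry. The function names and the 21-day threshold are assumptions of this sketch.

```python
import http.client
import socket
import ssl
import sys
import time
from urllib.parse import urlsplit

MIN_DAYS = 21  # assumed alert threshold, below certbot's 30-day renewal window

def check_redirect(host, path, status, location):
    """Problems with a port-80 response, given a 301 to https://$host$request_uri."""
    problems = []
    if status != 301:
        problems.append(f"status {status}, expected 301")
    target = urlsplit(location or "")
    if target.scheme != "https":
        problems.append(f"Location is not https: {location!r}")
    if target.hostname != host.lower():
        problems.append(f"redirect changes host to {target.hostname!r}")
    uri = target.path + ("?" + target.query if target.query else "")
    if uri != path:
        problems.append(f"redirect changes request URI to {uri!r}")
    return problems

def days_left(not_after, now=None):
    """Whole days until notAfter, in the format ssl.getpeercert() returns."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def probe(host, path="/"):
    """Live check of one site: plain-HTTP redirect, then the certificate on 443."""
    conn = http.client.HTTPConnection(host, 80, timeout=10)
    conn.request("GET", path)  # http.client never follows redirects itself
    resp = conn.getresponse()
    problems = check_redirect(host, path, resp.status, resp.getheader("Location"))
    conn.close()
    # The default context verifies the chain and that the cert covers `host`;
    # a name missing from the certificate raises ssl.SSLCertVerificationError.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, 443), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            left = days_left(tls.getpeercert()["notAfter"])
    if left < MIN_DAYS:
        problems.append(f"certificate expires in {left} days; is the renew cron running?")
    return problems

if __name__ == "__main__":
    for name in sys.argv[1:]:
        print(name, probe(name) or "ok")
```

Run it with the hostnames passed to `-d` as arguments; each name prints `ok` or a list of problems.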
