
  • Moving to HTTPS

    October 5th, 2017
    https, tech
    About a year and a half ago I added HTTPS support to my sites but kept them running on HTTP for the time being. Chrome plans to eventually mark all HTTP pages as "Not secure", however, and HTTP is in fact not secure, so today I decided to switch over to HTTPS as the default.

    Since Ubuntu 16 LTS ships with a very old version of the Let's Encrypt client, I followed their instructions to move to a recent version. Then I put the following in my root crontab:

    28 11 * * * certbot renew --quiet --post-hook "service nginx restart"
    

    This runs the command daily at 11:28, which is a time I chose randomly. Random is good here: it keeps the load on the Let's Encrypt servers more consistent.

    This tells the client to renew whatever cert I currently have, which I had originally generated with:

    sudo letsencrypt certonly \
       --webroot \
       -w /var/www/    -d www.jefftk.com \
                       -d     jefftk.com \
       -w /var/www-fr/ -d www.freeraisins.com \
                       -d     freeraisins.com \
       -w /var/www-lw/ -d www.lilywise.com \
                       -d     lilywise.com \
       -w /var/www-tc/ -d www.trycontra.com \
                       -d     trycontra.com \
       -w /var/www-aw/ -d www.annakaufmanwise.com \
                       -d     annakaufmanwise.com \
       -w /var/www-oc/ -d www.olivercumming.com \
                       -d     olivercumming.com \
       -w /var/www-bd/ -d www.bidadance.org \
                       -d     bidadance.org \
       -w /var/www-rs/ -d www.regularlyscheduled.com \
                       -d     regularlyscheduled.com \
       --email jeff.t.kaufman@gmail.com \
       --agree-tos
    

    To switch over to HTTPS I've put:

    server {
      listen 80 default_server;
      server_name redirect_to_https;
      return 301 https://$host$request_uri;
    }
    

    in my nginx config and removed all my listen 80 directives.

    Since I'm still not 100% confident in my HTTPS setup, I've put listen 8080 directives for each of my sites, so that it's possible to visit www.jefftk.com:8080 etc. over HTTP.
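A setup like this is easy to leave half-migrated: a forgotten listen 80 on one site, or an 8080 fallback that outlives its purpose. The following is an added example, not code from the original post: a small audit that lists every non-TLS listener in an nginx config and says whether its server block only redirects to HTTPS or still serves content. The sample config is constructed, the example.com names and the function names are hypothetical, and the regex-based parsing assumes TLS is enabled with the ssl flag on the listen line.

```python
import re

# Constructed sample (not the author's real config): the redirect block from the
# post, a hypothetical site with the 8080 fallback, and a leftover "listen 80".
SAMPLE_CONF = """
server {
  listen 80 default_server;
  server_name redirect_to_https;
  return 301 https://$host$request_uri;
}
server {
  listen 443 ssl;
  listen 8080;   # temporary plain-HTTP fallback
  server_name www.example.com example.com;
  root /var/www/;
}
server {
  listen 80;
  server_name leftover.example.com;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block by tracking brace depth."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def plaintext_listeners(conf):
    """Return (port, first server_name, verdict) for every non-TLS listen."""
    findings = []
    for body in server_blocks(re.sub(r"#.*", "", conf)):  # drop comments first
        name = re.search(r"\bserver_name\s+([^;]+);", body)
        name = name.group(1).split()[0] if name else "(unnamed)"
        redirects = re.search(r"\breturn\s+30[18]\s+https://", body)
        for args in re.findall(r"\blisten\s+([^;]+);", body):
            addr, *flags = args.split()
            if "ssl" in flags or addr.startswith("unix:"):
                continue
            port = addr.rsplit(":", 1)[-1]
            port = int(port) if port.isdigit() else 80  # bare address => port 80
            findings.append((port, name, "redirect" if redirects else "serves-http"))
    return findings

if __name__ == "__main__":
    print(*plaintext_listeners(SAMPLE_CONF), sep="\n")
```

Any "serves-http" row is a listener that still answers over plain HTTP; once the HTTPS setup is trusted, the 8080 rows are the ones to remove.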
