Going HTTPS

This blog, my landing page, wiki, and a few of my other Websites are now being served encrypted over HTTPS (see the lock icon in your address bar?), thanks to Let’s Encrypt. Along with TLS, I’ve enabled HTTP/2.

/images/2015/12/02/blog.samat.org-SSL-screenshot.thumbnail.png

Hackers won’t find anything sensitive on my public Websites, but my private Websites (e.g. my ownCloud and Tiny Tiny RSS instances) have needed more security for a long time.

Enabling HTTP/2 was very easy, as HTTP/2 support is shipped with the ‘http2’ module in Apache 2.4.17 and later. While easy, it wasn’t obvious; I’ve written a tutorial for enabling HTTP/2 on Apache. Redirecting non-HTTP connections was trickier than I thought, so I’ve written a tutorial for HTTPS redirects with Apache’s mod_rewrite too.

I created my TLS certificates as part of Let’s Encrypt’s closed beta. I have an unconventional and complex Apache setup (something I’ll simplify, one day…) and because of bug 1531, a problem in an upstream library, I can’t use the official client the way it was meant to be used (i.e. “install” or “auth” commands). I don’t think I wanted an automated script editing config files on my servers anyway.

With a lot of fiddling, I’ve figured out how to use the official letsencrypt client reverse proxied through Apache, which will let me update certificates regularly without headache.

Comments

Comments powered by Disqus