cli page 2 - Dave's Blog


Retweet of FakeUnicode

2016 Feb 12, 7:25
> typeof NaN 'number' > (╯°□°)╯︵ ┻━┻) ...

Tweet from David_Risney

2016 Feb 7, 9:13
Pretty shredded polygons in html & js https://www.clicktorelease.com/code/polygon-shredder/ …

Let's Encrypt NearlyFreeSpeech.net Setup

2016 Feb 4, 2:48

2016-Nov-5: Updated post on using Let's Encrypt with NearlyFreeSpeech.net

I use NearlyFreeSpeech.net for my webhosting for my personal website and I've just finished setting up TLS via Let's Encrypt. The process was slightly more complicated than what you'd like from Let's Encrypt. So for those interested in doing the same on NearlyFreeSpeech.net, I've taken the following notes.

The standard Let's Encrypt client requires su/sudo access, which is not available on NearlyFreeSpeech.net's servers. Additionally, NFSN's webserver doesn't have any Let's Encrypt plugins installed. So I used the Let's Encrypt Without Sudo client. I followed the instructions listed on the tool's page, with the addition of providing the "--file-based" parameter to sign_csr.py.

One thing the script doesn't produce is the chain file. But this topic "Let's Encrypt - Quick HOWTO for NSFN" covers how to obtain that:

curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem

Now that you have all the required files, on your NFSN server make the directory /home/protected/ssl and copy your files into it. This is described in the NFSN topic "provide certificates to NFSN". After copying the files and setting their permissions as described in the previous link, you submit an assistance request. For me it was only 15 minutes later that everything was set up.

After enabling HTTPS I wanted to have all HTTP requests redirect to HTTPS. The normal Apache documentation on how to do this doesn't work on NFSN servers. Instead the NFSN FAQ describes it in "redirect http to https and HSTS". You use the X-Forwarded-Proto header instead of the HTTPS variable because of how NFSN's virtual hosting is set up.

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

Turning on HSTS is as simple as adding the HSTS HTTP header. However, the description in the above link didn't work because my site's NFSN realm isn't on the latest Apache yet. Instead I added the following to my .htaccess. After I'm comfortable with everything working well for a few days I'll start turning up the max-age to the recommended minimum value of 180 days.

Header set Strict-Transport-Security "max-age=3600;" 
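
An added example, not part of the original post or of NFSN's documentation: a small Python parser for the Strict-Transport-Security value that follows the RFC 6797 section 6.1 processing rules and flags a max-age below the 180-day figure mentioned above. The names parse_hsts, audit and RECOMMENDED_MIN are made up for this illustration.

```python
import re

RECOMMENDED_MIN = 180 * 24 * 3600  # the 180-day minimum the post cites, in seconds
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # HTTP token characters

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797 section 6.1.

    Returns a dict keyed by lower-cased directive name, or None when a
    conforming browser would ignore the whole header.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                  # empty directives are legal: "max-age=3600;"
            continue
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()
        if not TOKEN.match(name) or name in directives:
            return None               # malformed name, or a directive given twice
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]           # quoted-string form: max-age="3600"
        directives[name] = val if sep else True
    age = directives.get("max-age")
    if not isinstance(age, str) or not (age.isascii() and age.isdigit()):
        return None                   # max-age is required and must be all digits
    directives["max-age"] = int(age)
    return directives

def audit(value):
    """Return a list of findings for one header value (empty list means OK)."""
    policy = parse_hsts(value)
    if policy is None:
        return ["header is invalid and will be ignored"]
    findings = []
    if policy["max-age"] == 0:
        findings.append("max-age=0 tells browsers to forget the HSTS policy")
    elif policy["max-age"] < RECOMMENDED_MIN:
        findings.append("max-age %d is below %d (180 days)"
                        % (policy["max-age"], RECOMMENDED_MIN))
    return findings

if __name__ == "__main__":
    # The .htaccess value from this post, then a ramped-up value (constructed).
    for sample in ("max-age=3600;", "max-age=15552000"):
        print(repr(sample), "->", audit(sample) or "OK")
```
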

Finally, to turn on CSP I started up Fiddler with my CSP Fiddler extension. It allows me to determine the most restrictive CSP rules I could apply and still have all resources on my page load. From there I found and removed inline script and some content loaded via http and otherwise continued tweaking my site and CSP rules.

After I was done I checked out my site on SSL Labs' SSL Test to see what I might have done wrong or needed improving. The first time I went through these steps I hadn't included the chain file, which the SSL Test told me about. I was able to add that file to the same files I had already generated from the Let's Encrypt client and do another NFSN assistance request, and 15 minutes later the SSL Test had upgraded me from 'B' to 'A'.

certificate csp hsts https lets-encrypt nearlyfreespeech.net

Tweet from David_Risney

2016 Jan 27, 9:15
Whatever happened to sitcom couples? Conspiracy and death. https://medium.com/@iamchrisscott/whatever-happened-to-television-s-most-famous-couples-c9d569a892ea#.w2wijr6he … Had to recheck URL I wasn't on clickhole

Retweet of FakeUnicode

2016 Jan 26, 7:15
OH COME ON. SERIOUSLY?? pic.twitter.com/EMdqGylC4L

Retweet of FakeUnicode

2016 Jan 24, 10:52
.@alolita How Ancient Egypt fell. "But great Pharaoh, we need a snake playing croquet." "You have like 50 snake symbols." "But, croquet!"

Retweet of FakeUnicode

2016 Jan 10, 10:34
Support! Rather than "Combining" though they would be "Combing." https://twitter.com/martineno/status/686639564207841281 … [@martineno]

Retweet of justinkan

2016 Jan 3, 8:57
This seems like the way car ownership declines https://news.ycombinator.com/item?id=10837169 … pic.twitter.com/qexuUwXuj5

Retweet of ClickHole

2015 Nov 30, 9:29
Amazing! How many times can @neiltyson win the internet? http://www.clickhole.com/r/3565tsd  pic.twitter.com/6Dgm8oE2YV

Retweet of SavedYouAClick

2015 Nov 10, 10:19
Blah Blah Blah And Some People On Twitter Are Mad About It

Tweet from David_Risney

2015 Oct 12, 9:31
Auto generating clickbait articles via neural network: http://larseidnes.com/2015/10/13/auto-generating-clickbait-with-recurrent-neural-networks/ …. And the result: http://clickotron.com/ 

workjuice: Such whimsy! Video of the “Captain Laserbeam”...

2015 Sep 17, 3:02


workjuice:

Such whimsy! Video of the “Captain Laserbeam” segment of our April Fool’s Funaround is up; just click this sentence!
Starring Paul F. Tompkins, John Hodgman, Michael McMillian, Lauren Lapkus, Marc Evan Jackson, Ben Schwartz, Felicia Day, Hal Lublin, Annie Savage, Craig Cackowski, Busy Philipps, and more!

Tickets are still on sale for our Improv show and other shows in NY in October. Get ‘em here.


Tweet from David_Risney

2015 Aug 23, 8:12
Got TAH Concert Film bday gift! Sparks musical ep, visual CLINK & more. So much awesome! https://vimeo.com/120857326  @ThrillingAdv

Tweet from David_Risney

2015 Aug 18, 10:23
RL point & click adv game via Twitter gets man out of hole. Use shirt on dog. Use dog on umbrella. Use leash on shirt http://www.polygon.com/2015/8/18/9173621/ryan-north-stuck-hole-twitter …

Retweet of grittygrease

2015 Jul 2, 9:53
TLS Client Puzzles Extension http://buff.ly/1GS4bke 

laughingsquid: Live Band Performs ‘Mario Kart’ Song as Man...

2015 May 27, 3:11


laughingsquid:

Live Band Performs ‘Mario Kart’ Song as Man Races Down the Video Game Track


laughingsquid: A Real Hedgehog Scurries Along to Music From the...

2015 Apr 23, 1:17


laughingsquid:

A Real Hedgehog Scurries Along to Music From the ‘Sonic the Hedgehog’ Video Game While Collecting Golden Rings


Retweet of ChromiumDev

2015 Apr 14, 7:29
Now in Chrome 43, document.execCommand() gives you programmatic access to copy and cut content to the clipboard! http://updates.html5rocks.com/2015/04/cut-and-copy-commands …

RIP Cadburdy. She died yesterday. Besides the normal grief it's...

2015 Apr 8, 2:43


RIP Cadburdy

She died yesterday. Besides the normal grief it's strange being the adult and dealing with a deceased pet.

Creative Commons License. Some rights reserved.