2016-Nov-5: Updated post on using Let's Encrypt with NearlyFreeSpeech.net
I use NearlyFreeSpeech.net for my webhosting for my personal website and I've just finished setting up TLS via Let's Encrypt. The process was slightly more complicated than what you'd like from Let's Encrypt. So for those interested in doing the same on NearlyFreeSpeech.net, I've taken the following notes.
The standard Let's Encrypt client requires su/sudo access which is not available on NearlyFreeSpeech.net's servers. Additionally NFSN's webserver doesn't have any Let's Encrypt plugins installed. So I used the Let's Encrypt Without Sudo client. I followed the instructions listed on the tool's page with the addition of providing the "--file-based" parameter to sign_csr.py.
One thing the script doesn't produce is the chain file. But this topic "Let's Encrypt - Quick HOWTO for NSFN" covers how to obtain that:
curl -o domain.chn https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pemNow that you have all the required files, on your NFSN server make the directory /home/protected/ssl and copy your files into it. This is described in the NFSN topic provide certificates to NFSN. After copying the files and setting their permissions as described in the previous link you submit an assistance request. For me it was only 15 minutes later that everything was setup.
After enabling HTTPS I wanted to have all HTTP requests redirect to HTTPS. The normal Apache documentation on how to do this doesn't work on NFSN servers. Instead the NFSN FAQ describes it in "redirect http to https and HSTS". You use the X-Forwarded-Proto instead of the HTTPS variable because of how NFSN's virtual hosting is setup.
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]Turning on HSTS is as simple as adding the HSTS HTTP header. However, the description in the above link didn't work because my site's NFSN realm isn't on the latest Apache yet. Instead I added the following to my .htaccess. After I'm comfortable with everything working well for a few days I'll start turning up the max-age to the recommended minimum value of 180 days.
Header set Strict-Transport-Security "max-age=3600;" Finally, to turn on CSP I started up Fiddler with my CSP Fiddler extension. It allows me to determine the most restrictive CSP rules I could apply and still have all resources on my page load. From there I found and removed inline script and some content loaded via http and otherwise continued tweaking my site and CSP rules.
After I was done I checked out my site on SSL Lab's SSL Test to see what I might have done wrong or needed improving. The first time I went through these steps I hadn't included the chain file which the SSL Test told me about. I was able to add that file to the same files I had already previously generated from the Let's Encrypt client and do another NFSN assistance request and 15 minutes later the SSL Test had upgraded me from 'B' to 'A'.
Lots of questions about my #ES6
arrow functions assertions. Here's full context (and some cleanup/clarifications): https://github.com/getify/You-Dont-Know-JS/blob/master/es6%20%26%20beyond/ch2.md#arrow-functions …
David Risney
@David_Risney :
Matt & David on Chris Hardwick’s Comic Con Blunder (x)
requested by tennanttardistime
Bonus Chris Hardwick in costume:
Moral: laws should cover behavior not specific technologies. The implementation can change, laws shouldn’t take such dependencies.
cnet:
Mp3 playing retainer transmits music through your teeth:
Bone conduction audio, retainers, and shiny hip-hop teeth grills aren’t new inventions, but tech hacker Aisen Caro Chacin had the clever idea to put them all together.
The Play-A-Grill MP3 player prototype fits in your mouth like a retainer, shines on the outside like a precious metal rap grill, and plays music through bone conduction through your teeth.
Oh man, this would have made puberty just a touch cooler. Maybe.
On Monday in Germany we went to Marienplatz and wandered around
the Christmas Market, some of the stores, had drinks in a little pub, visited the Toy Museum, and checked out an impressive looking church. We accidentally drew in some other tourists as we stood
gaping at the Glockenspiel tower waiting for the little show to begin at the wrong hour. That night Megan and Oliver came by our hotel and took us out to a traditional Bavarian restaurant and
brewery that had been brewing beer there for hundreds of years. It was fun although we may have kept Megan and Oliver out too late on a weeknight.
The next day we went to the Deutsches Museum the largest science and technology museum in the world. And indeed it is very large, six floors
on a large grounds. I needed to better pace myself: I spent too much energy being interested in the engineering sections with steam engines, mining, aerospace etc. I was completely worn out by the
time we got to physics, chemistry, etc. etc. and we didn't even look in the natural sciences section. Anyway, its very large. That night we ate with Jon at an Italian restaurant. During the meal
two period dressed children came in and began singing then tried to shake down their captive audience in the restaurant asking for money. The man at the table next to us asked one of the children
what charity the money was going towards, the child said they kept the money, and the man said never mind then and sent the child away.
sequelguy posted a photo:
Horse drawn carriage was an alternative to the bus to the castle.
The weekend before last Sarah and I went down to Gas Works Park in Seattle. Gas Works Park is a former Seattle Gas Light Company gasification plant now turned into a
park with the machinery kept intact and found right on the shore of Lake Union. There's a large hill right next to the plant with an embedded art installation from which you get an excellent view
of the park and the lake. Anyway a very cool place. Afer, we ate at Julia's of Wallingford where I stereotypically had the Santa Cruz
omelet. Good food, nice place, nice neighborhood.
This past weekend was Halloween weekend. On Halloween at Microsoft parents bring their kids around the office buildings and collect candy from those who
have candy in their office. See Matt's photo of one such hallway at Microsoft. The next day Sarah and I went to two birthday parties the second of which required costume. I went as House (from the
television show House) by putting on a suit jacket and carrying a cane. Sarah wore scrubs to lend cred. to my lazy costume. Oh yeah and on Sunday Sarah bought a new car.
Some rights reserved