https-ing-gnucodeme.html 3.9 KB

1234567891011121314151617181920212223242526272829
  1. <!DOCTYPE html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><meta name="keywords" content="GNU, Emacs, Libre Software, Hurd, Guile, Guix" /><meta name="description" content="GNUcode.me is a website focusing on libre software projects, especially the GNU project." /><link type="application/atom+xml" rel="alternate" title="GNUcode.me -- Feed" href="/feed.xml" /><a rel="me" href="https://fosstodon.org/@thegnuguy"></a><link type="text/css" href="css/footer.min.css" rel="stylesheet"></link><link type="text/css" href="css/header.min.css" rel="stylesheet"></link><link type="text/css" href="css/main.min.css" rel="stylesheet"></link><title>HTTPS-ing GNUcode.me — GNUcode.me</title></head><body><header><nav><ul><li><a href="index.html">GNUcode.me</a></li><li><a href="services.html">Services</a></li><li><a href="about.html">About</a></li><li><a href="business-ideas.html">Business-ideas</a></li></ul></nav></header><h1>HTTPS-ing GNUcode.me</h1><main><section class="basic-section-padding"><article><h3>by Joshua Branson — September 03, 2020</h3><div><p>So, when I recently re-configured this website with <code>guix system</code> and the
  2. associated <code>nginx service</code>, I set up the site to work just fine with <code>HTTP</code> and
  3. HTTPS. The difference is that <code>HTTPS</code> has a little green &quot;this site is secure&quot;
  4. logo in the upper left hand side of your browser.</p><p>The tiny baby little problem was that users could happily use the insecure
  5. version of the site, which could promote a man in the middle attack. Luckily
  6. I've been reading up on the <code>HTTP header</code> <code>Strict-Transport-Security</code>, which
  7. allows me to inform users that my site supports <code>HTTPS</code>. You can still browse
  8. the site using <code>HTTP</code>, but most likely your browser will re-direct you to the
  9. <code>HTTPS</code> version.</p><p>You can verify this yourself with the following:</p><pre><code>wget http://gnucode.me</code></pre><p>And of course I have to show the
  10. <a href="https://notabug.org/jbranso/linode-guix-system-configuration/src/master/linode-locke-lamora-current-config.scm">configuration</a>
  11. for my linode guix server looks something like this:</p><pre><code class="language-scheme">(service nginx-service-type
  12. (nginx-configuration
  13. (server-blocks
  14. (list
  15. (nginx-server-configuration
  16. (server-name '(&quot;gnucode.me&quot;))
  17. (listen '(&quot;80&quot; &quot;443 ssl&quot;))
  18. (root &quot;/srv/www/html/gnucode.me/site/&quot;)
  19. ;; tell browsers my site supports HTTPS, and tell them that it will
  20. ;; at least work for 1/2 hour. Gradually, I will increase this number.
  21. (raw-content (list &quot;add_header Strict-Transport-Security max-age=1800;&quot;))
  22. (ssl-certificate &quot;/etc/letsencrypt/live/gnucode.me/fullchain.pem&quot;)
  23. (ssl-certificate-key &quot;/etc/letsencrypt/live/gnucode.me/privkey.pem&quot;)
  24. (locations
  25. (list
  26. (nginx-location-configuration ;certbot
  27. (uri &quot;/.well-known&quot;)
  28. (body (list &quot;root /srv/www;&quot;))))))))))</code></pre><p><a href="https://guix.gnu.org">Guix System</a> makes this kind of thing really easy! You
  29. should try it!</p><p>Happy Hacking! <em>insert cute emoji here</em></p></div></article></section></main><footer><p>© 2020 Joshua Branson. The text on this site is free culture under the Creative Commons Attribution Share-Alike 4.0 International license.</p><p>This website is build with Haunt, a static site generator written in Guile Scheme. Source code is <a href="https://notabug.org/jbranso/gnucode.me">available.</a></p><p>The color theme of this website is based off of the famous <a href="#3f3f3f" target="_blank">zenburn</a> theme.</p></footer></body>