<!DOCTYPE html><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><meta name="keywords" content="GNU, Emacs, Libre Software, Hurd, Guile, Guix" /><meta name="description" content="GNUcode.me is a website focusing on libre software projects, especially the GNU project." /><link type="application/atom+xml" rel="alternate" title="GNUcode.me -- Feed" href="/feed.xml" /><a rel="me" href="https://fosstodon.org/@thegnuguy"></a><link type="text/css" href="css/footer.min.css" rel="stylesheet"></link><link type="text/css" href="css/header.min.css" rel="stylesheet"></link><link type="text/css" href="css/main.min.css" rel="stylesheet"></link><title>HTTPS-ing GNUcode.me — GNUcode.me</title></head><body><header><nav><ul><li><a href="index.html">GNUcode.me</a></li><li><a href="services.html">Services</a></li><li><a href="about.html">About</a></li><li><a href="business-ideas.html">Business-ideas</a></li></ul></nav></header><h1>HTTPS-ing GNUcode.me</h1><main><section class="basic-section-padding"><article><h3>by Joshua Branson — September 03, 2020</h3><div><p>So, when I recently re-configured this website with <code>guix system</code> and the
associated <code>nginx service</code>, I set up the site to work just fine with <code>HTTP</code> and
HTTPS. The difference is that <code>HTTPS</code> has a little green "this site is secure"
logo in the upper left-hand side of your browser.</p><p>The tiny baby little problem was that users could happily use the insecure
version of the site, which could enable a man-in-the-middle attack. Luckily
I've been reading up on the <code>HTTP header</code> <code>Strict-Transport-Security</code>, which
allows me to tell browsers that my site supports <code>HTTPS</code>. You can still browse
the site using <code>HTTP</code>, but most likely your browser will re-direct you to the
<code>HTTPS</code> version. Browsers only honor the header when it arrives over <code>HTTPS</code>,
so that upgrade starts after your first visit to the secure version.</p><p>You can verify this yourself with the following:</p><pre><code>wget http://gnucode.me</code></pre><p>And of course I have to show the
<a href="https://notabug.org/jbranso/linode-guix-system-configuration/src/master/linode-locke-lamora-current-config.scm">configuration</a>,
which for my Linode Guix server looks something like this:</p><pre><code class="language-scheme">(service nginx-service-type
         (nginx-configuration
          (server-blocks
           (list
            (nginx-server-configuration
             (server-name '("gnucode.me"))
             (listen '("80" "443 ssl"))
             (root "/srv/www/html/gnucode.me/site/")
             ;; tell browsers my site supports HTTPS, and tell them that it will
             ;; at least work for 1/2 hour. Gradually, I will increase this number.
             (raw-content (list "add_header Strict-Transport-Security max-age=1800;"))
             (ssl-certificate "/etc/letsencrypt/live/gnucode.me/fullchain.pem")
             (ssl-certificate-key "/etc/letsencrypt/live/gnucode.me/privkey.pem")
             (locations
              (list
               (nginx-location-configuration ;certbot
                (uri "/.well-known")
                (body (list "root /srv/www;"))))))))))</code></pre><p><a href="https://guix.gnu.org">Guix System</a> makes this kind of thing really easy! You
should try it!</p><p>Happy Hacking! <em>insert cute emoji here</em></p></div></article></section></main><footer><p>© 2020 Joshua Branson. The text on this site is free culture under the Creative Commons Attribution Share-Alike 4.0 International license.</p><p>This website is built with Haunt, a static site generator written in Guile Scheme. Source code is <a href="https://notabug.org/jbranso/gnucode.me">available.</a></p><p>The color theme of this website is based off of the famous <a href="#3f3f3f" target="_blank">zenburn</a> theme.</p></footer></body>
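<p>An added example, not part of the original post or the site's own code: a minimal Python model of how a browser processes the <code>Strict-Transport-Security</code> header from the configuration above, following RFC 6797. It shows that the header is ignored over plain HTTP, so the upgrade only begins after a first HTTPS visit, and that <code>max-age=1800</code> lapses half an hour later. The names <code>parse_hsts</code> and <code>HstsCache</code>, the timestamps and the <code>www.gnucode.me</code> host are constructed for illustration.</p>

```python
import re

def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None means 'ignore it'."""
    seen = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()        # directive names are case-insensitive
        if not name:
            continue
        if name in seen:                   # a repeated directive voids the header
            return None
        seen[name] = arg.strip().strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None                        # max-age is required
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

class HstsCache:
    """Hypothetical stand-in for a browser's list of known HSTS hosts."""
    def __init__(self):
        self.hosts = {}                    # host -> (expiry, include_subdomains)

    def note_response(self, scheme, host, header, now):
        # A header received over plain HTTP is ignored (RFC 6797, section 8.1).
        policy = parse_hsts(header) if scheme == "https" and header else None
        if policy is None:
            return
        if policy["max_age"] == 0:         # max-age=0 deletes the entry
            self.hosts.pop(host.lower(), None)
        else:
            self.hosts[host.lower()] = (now + policy["max_age"],
                                        policy["include_subdomains"])

    def upgrades(self, host, now):         # would http://host be rewritten to https?
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and now < entry[0] and (i == 0 or entry[1]):
                return True
        return False

def demo(header="max-age=1800"):           # value from the nginx config above
    cache = HstsCache()                    # times are constructed, in seconds
    cache.note_response("http", "gnucode.me", header, now=0)
    before = cache.upgrades("gnucode.me", now=1)
    cache.note_response("https", "gnucode.me", header, now=10)
    return (before, cache.upgrades("gnucode.me", now=1000),
            cache.upgrades("gnucode.me", now=1811),
            cache.upgrades("www.gnucode.me", now=1000))
```

<p><code>demo()</code> returns, in order: whether the upgrade applies after only an HTTP visit, within the half hour after an HTTPS visit, after the policy has expired, and for a subdomain when <code>includeSubDomains</code> is absent.</p>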