StartSSL/StartCom/Wocom has recently come under fire for some insecure practices in handling of certificates. [0] There is a risk those certs won't be trusted in major browsers in the near future. Also, their site is sort of a pain.
LetEncrypt [1] is standing on much better security ground, and is generally well liked by browsers (Mozilla had a hand in its creation). They are also free. I'd recommend using them. [0]: https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview [1]: https://letsencrypt.org/ On Fri, Oct 14, 2016 at 11:21 AM Bjørn Forsman <bjorn.fors...@gmail.com> wrote: > On 14 October 2016 at 20:06, Stefan Huchler <stefan.huch...@mail.de> > wrote: > > Hello Bjorn, > > > > thanks that looks interesting, worked and as easy as I expect it from > > nixos :) > > > > One more thing how difficult would it be to add https? > > The most difficult part (IMHO) is getting the certificate : -) > > I use something like: > > services.lighttpd.extraConfig = '' > # Lighttpd SSL/HTTPS documentation: > # http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL > > $HTTP["host"] == "myserver.example" { > $SERVER["socket"] == ":443" { > ssl.engine = "enable" > ssl.pemfile = "/etc/lighttpd/certs/myserver.example.pem" > ssl.ca-file = "/etc/lighttpd/certs/1_Intermediate.crt" > } > > # Force https scheme for nextcloud > $HTTP["scheme"] == "http" { > $HTTP["url"] =~ "^/nextcloud" { > url.redirect = ("^/.*" => "https://myserver.example$0") > } > } > } > ''; > > You can get free certificate from startssl.com (that's what I use). > > Best regards, > Bjørn Forsman > _______________________________________________ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev >
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev