The future of Certificate Authorities

With the advent of the fully automated and free-of-cost certificate authorities Let’s Encrypt and StartCom, there is no doubt that the future of CAs is changing.

August 1, 2016 · 5 min · Bjørn Johansen

Let’s Encrypt for Nginx

Let’s install an SSL-certificate from Let’s Encrypt for Nginx.

March 31, 2016 · 4 min · Bjørn Johansen

Redirect all HTTP requests to HTTPS with Nginx

All login credentials transferred over plain HTTP can easily be sniffed by an MITM attacker, but it is not enough to encrypt the login forms. If you are visiting plain HTTP pages while logged in, your session can be hijacked, and not even two-factor authentication will protect you. To protect all info sent between your visitors – which includes you – and your web server, we will redirect all requests that are coming over plain HTTP to the HTTPS equivalent.

October 15, 2015 · 3 min · Bjørn Johansen

WordPress behind Big-IP

To be honest, I don’t exactly know too much about Big-IP, but I’ve come across someone who uses it. They terminate HTTPS in Big-IP and WordPress runs on plain HTTP on port 80 on the backend nodes. By default, this makes WordPress confused, so you can’t log in to the WordPress dashboard.

September 28, 2015 · 1 min · Bjørn Johansen

HTTP Public Key Pinning (HPKP)

Using HTTPS helps prevent someone from snooping your username/password or hijacking your sessions. Using HSTS makes sure the connection stays on HTTPS, even if a MITM tries to redirect you to the plain HTTP version of a web site. But it is easier than you might think for a MITM to use a rogue certificate, making you believe everything is fine. HTTP Public Key Pinning (HPKP) helps the browser check that everything actually is fine.

July 16, 2015 · 5 min · Bjørn Johansen

Optimizing HTTPS on Nginx

Now that you have secured Nginx with HTTPS and enabled HTTP/2, it’s time to improve both the security and the performance of the server.

January 18, 2014 · 6 min · Bjørn Johansen

Securing Nginx with HTTPS

Adding a certificate and using the HTTPS protocol is a good improvement to the security of the communication between the browser and the server, and should be in place on all sites that have a user login. Contrary to what many (older) guides say, it doesn’t add much load on your server and is fairly easy and cheap to set up right.

August 22, 2013 · 3 min · Bjørn Johansen