
HTTPS is easy

openthings
Published 2018/08/16 22:13

HTTPS is easy! In fact, it's so easy I decided to create 4 short videos around 5 minutes each to show people how to enable HTTPS on their site and get all traffic redirecting securely, optimise their HTTPS configuration to get it rating higher than most banks, fix any insecure references in a few clicks and finally, secure all the traffic all the way back to their website. I built a little demo site and embedded all the videos in it over at HTTPSIsEasy.com.

Let me begin by being clear about the demographic this is pitched at: I wanted to create a resource that had the broadest possible appeal regardless of technical competency. If someone has entry-level web dev skills and knows enough to get a site up and running but isn't a tech pro, I want this to be usable by them. I want to help take a big chunk out of the massive list of smaller sites that are still served over non-secure connections because the owners simply don't know where to start. I also wanted to keep each video to about 5 minutes so you'll see that there's plenty of stuff I don't embellish on, I just focus on making things work as expeditiously as possible. Having said that, everything in this video series is equally applicable to sites like this very blog and indeed that's pretty much how I have things configured today. If you are a tech pro and you want to go deeper on HTTPS, have a browse back through the dozens of posts on the SSL tag or go and watch 3 and a half hours of Pluralsight training on the subject.

Next, you'll see that this is all very Cloudflare-centric and you may be wondering "why not use Let's Encrypt instead?" I love Let's Encrypt and I love what they've done for the industry in terms of making certs free and automated. But that's only part of the journey to HTTPS and Let's Encrypt doesn't help people redirect to HTTPS, add HSTS, configure the versions of TLS they support or fix HTTP references in otherwise secure pages. All of this is really important for a robust HTTPS implementation and all of it's possible in Cloudflare with mere button clicks. To be honest, the significance of this really only became clear to me when recording these videos just yesterday; Cloudflare makes it so easy not just to get the site served over HTTPS, but to do all the other things you need to do for HTTPS to work properly.

In the final video, I secure the network segment between Cloudflare and the web server by loading one of their origin certificates into Azure. Because I know people will ask, go get yourself OpenSSL then the command I ran is as follows:

openssl pkcs12 -export -inkey httpsiseasy.key -in httpsiseasy.pem -name httpsiseasy -out httpsiseasy.pfx
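The export above, wrapped with the two checks worth doing around it, as an added example that is not part of the original post: confirm the private key belongs to the certificate before bundling, then confirm the bundle holds the same certificate. The self-signed pair, the `httpsiseasy.example` name, the `PFX_PASS` variable and all function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: key, certificate and passphrase below are constructed stand-ins.
set -eu
umask 077   # keep the key and the .pfx readable by the current user only

# Constructed sample: a self-signed pair standing in for the origin certificate.
make_sample() {   # $1 = directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=httpsiseasy.example" \
        -keyout "$1/httpsiseasy.key" -out "$1/httpsiseasy.pem" 2>/dev/null
}

# True only when the private key and the certificate hold the same public key.
key_matches_cert() {   # $1 = key, $2 = certificate
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# The page's export command, guarded by the match check; the passphrase is read
# from the PFX_PASS environment variable so the script runs without a prompt.
make_pfx() {   # $1 = key, $2 = certificate, $3 = friendly name, $4 = output
    key_matches_cert "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -name "$3" -out "$4" \
        -passout env:PFX_PASS
}

cert_fingerprint() {   # $1 = PEM certificate
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Fingerprint of the certificate stored inside the bundle.
pfx_cert_fingerprint() {   # $1 = .pfx file
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
export PFX_PASS='constructed-demo-passphrase'
make_sample "$work"
make_pfx "$work/httpsiseasy.key" "$work/httpsiseasy.pem" httpsiseasy "$work/httpsiseasy.pfx"
echo "source: $(cert_fingerprint "$work/httpsiseasy.pem")"
echo "bundle: $(pfx_cert_fingerprint "$work/httpsiseasy.pfx")"
```

The two printed fingerprints should be identical; a mismatched key stops the export before any `.pfx` is written.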

Frankly, I can't see the demographic I've targeted this series at going down this path that often, in part because of the technical complexity (and yes, grabbing OpenSSL and running commands will be a bar too high for many) and also in part because many hosting providers still don't provide the ability to upload your own cert (such as Ghost Pro that this blog runs on). And before anyone loses their minds over the entire network not being encrypted or Cloudflare being able to MitM the traffic, have a read of CloudFlare, SSL and unhealthy security absolutism.

Finally, because some people will inevitably wonder, this isn't a commercial activity on my behalf; Cloudflare didn't engage me to create this and it'll come as a surprise to them the first time they see it. I created this on a whim after some Twitter discussions earlier this week and I simply wanted to create the most easily accessible resource possible for helping people get their websites served over HTTPS. So share this generously, point people who don't know where to start at HTTPSIsEasy.com and help drive a more "secure by default" web.

Reposted from: https://www.troyhunt.com/https-is-easy/
