文档章节

HTTPS is easy

openthings
 openthings
发布于 08/16 22:13
字数 713
阅读 15
收藏 0

HTTPS is easy

HTTPS is easy! In fact, it's so easy I decided to create 4 short videos around 5 minutes each to show people how to enable HTTPS on their site and get all traffic redirecting securely, optimise their HTTPS configuration to get it rating higher than most banks, fix any insecure references in a few clicks and finally, secure all the traffic all the way back to their website. I built a little demo site and embedded all the videos in it over at HTTPSIsEasy.com.

Let me begin by being clear about the demographic this is pitched at: I wanted to create a resource that had the broadest possible appeal regardless of technical competency. If someone has entry-level web dev skills and knows enough to get a site up and running but isn't a tech pro, I want this to be usable by them. I want to help take a big chunk out of the massive list of smaller sites that are still served over non-secure connections because the owners simply don't know where to start. I also wanted to keep each video to about 5 minutes so you'll see that there's plenty of stuff I don't embellish on, I just focus on making things work as expeditiously as possible. Having said that, everything in this video series is equally applicable to sites like this very blog and indeed that's pretty much how I have things configured today. If you are a tech pro and you want to go deeper on HTTPS, have a browse back through the dozens of posts on the SSL tag or go and watch 3 and a half hours of Pluralsight training on the subject.

Next, you'll see that this is all very Cloudflare-centric and you may be wondering "why not use Let's Encrypt instead?" I love Let's Encrypt and I love what they've done for the industry in terms of making certs free and automated. But that's only part of the journey to HTTPS and Let's Encrypt doesn't help people redirect to HTTPS, add HSTS, configure the versions of TLS they support or fix HTTP references in otherwise secure pages. All of this is really important for a robust HTTPS implementation and all of it's possible in Cloudflare with mere button clicks. To be honest, the significance of this really only became clear to me when recording these videos just yesterday; Cloudflare makes it so easy not just to get the site served over HTTPS, but to do all the other things you need to do for HTTPS to work properly.

In the final video, I secure the network segment between Cloudflare and the web server by loading one of their origin certificates into Azure. Because I know people will ask, go get yourself OpenSSL then the command I ran is as follows:

openssl pkcs12 -export -inkey httpsiseasy.key -in httpsiseasy.pem -name httpsiseasy -out httpsiseasy.pfx

Frankly, I can't see the demographic I've targeted this series at going down this path that often, in part because of the technical complexity (and yes, grabbing OpenSSL and running commands will be a bar too high for many) and also in part because many hosting providers still don't provide the ability to upload your own cert (such as Ghost Pro that this blog runs on). And before anyone loses their minds over the entire network not being encrypted or Cloudflare being able to MitM the traffic, have a read of CloudFlare, SSL and unhealthy security absolutism.

Finally, because some people will inevitably wonder, this isn't a commercial activity on my behalf; Cloudflare didn't engage me to create this and it'll come as a surprise to them the first time they see it. I created this on a whim after some Twitter discussions earlier this week and I simply wanted to create the most easily accessible resource possible for helping people get their websites served over HTTPS. So share this generously, point people who don't know where to start at HTTPSIsEasy.com and help drive a more "secure by default" web.

本文转载自:https://www.troyhunt.com/https-is-easy/

共有 人打赏支持
openthings
粉丝 271
博文 1007
码字总数 542388
作品 1
东城
架构师
私信 提问
win7下python2.7安装 pip,setuptools的正确方法(亲测)

windows7 下 0.先安装python2.7.5 32位:https://www.python.org/ftp/python/2.7.5/python-2.7.5.msi 64位:https://www.python.org/ftp/python/2.7.5/python-2.7.5.amd64.msi 1.下载htt......

丰_申
2016/02/01
99
0
Windows下python3安装pip管理包

方法有两种: 请参考:http://www.pip-installer.org/en/latest/installing.html#prerequisites 1.通过setuptools安装 安装setuptools,下载 https://pypi.python.org/pypi/setuptools setu......

白夜繁櫻
2013/07/16
0
0
用 easy-sync 同步mysql数据到elasticsearch

easy-sync简介 这是一个通过读取 mysql binlog实现实时同步数据到elasticsearch的产品,操作比较简单,支持多个相同结构的分表同步,支持多个任务的配置和执行。另外当修改数据库结构后,重新...

coolma2000
07/23
0
0
python easy_install工具安装

前提系统要先安装python 1,easyinstall介绍 一般,我们要给Python安装第三方的扩展包,我们必须下载压缩包,解压缩到一个目录,然后命令行或者终端打开这个目录,然后执行python setup.py i...

霞女
2015/11/25
141
0
centos python2.7 easy_install pip安装

倒腾了三四个小时,尼玛 各种编 各种download 开始安装 首先要安装的是 zlib zlib-devel openssl openssl-devel readline readline-devel yum install zlib zlib-devel openssl openssl-deve......

薄皮儿脆沙瓤
2014/12/01
0
0

没有更多内容

加载失败,请刷新页面

加载更多

存储过程知识点收集

记录下,以后要常用的问题 1、获取刚刚插入数据产生的ID SCOPE_IDENTITY 返回当前作用域的插入后产生的一条ID @@IDENTITY 返回当前表的最后一条ID

轻轻的往前走
7分钟前
0
0
elixir keyword和map的区别

┌──────────────┬────────────┬───────────────────────┐ │ Keyword List │ Map/Struct │ HashDict (deprec...

wmzsonic
10分钟前
0
0
解决bootstrap-table-fixed-columns.js显示列与隐藏列按钮切换表格不对齐

<table class="table-striped table-hasthead nowrap" id="tableTest1" data-search="true" data-show-columns="true" data-fixed-columns="true" data-fixed-number="3"></table> 含有dat......

tianyawhl
12分钟前
0
0
ES6 系列之 defineProperty 与 proxy

摘要: ## 前言 我们或多或少都听过“数据绑定”这个词,“数据绑定”的关键在于监听数据的变化,可是对于这样一个对象:`var obj = {value: 1}`,我们该怎么知道 obj 发生了改变呢? ## def...

阿里云官方博客
17分钟前
0
0
美团点评携手 PingCAP 开启新一代数据库深度实践之旅

一、背景和现状 在美团,基于 MySQL 构建的传统关系型数据库服务已经难于支撑公司业务的爆发式增长,促使我们去探索更合理的数据存储方案和实践新的运维方式。随着近一两年来分布式数据库大放...

TiDB
18分钟前
0
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部