文档章节

HTTPS is easy

openthings
 openthings
发布于 08/16 22:13
字数 713
阅读 8
收藏 0

HTTPS is easy

HTTPS is easy! In fact, it's so easy I decided to create 4 short videos around 5 minutes each to show people how to enable HTTPS on their site and get all traffic redirecting securely, optimise their HTTPS configuration to get it rating higher than most banks, fix any insecure references in a few clicks and finally, secure all the traffic all the way back to their website. I built a little demo site and embedded all the videos in it over at HTTPSIsEasy.com.

Let me begin by being clear about the demographic this is pitched at: I wanted to create a resource that had the broadest possible appeal regardless of technical competency. If someone has entry-level web dev skills and knows enough to get a site up and running but isn't a tech pro, I want this to be usable by them. I want to help take a big chunk out of the massive list of smaller sites that are still served over non-secure connections because the owners simply don't know where to start. I also wanted to keep each video to about 5 minutes so you'll see that there's plenty of stuff I don't embellish on, I just focus on making things work as expeditiously as possible. Having said that, everything in this video series is equally applicable to sites like this very blog and indeed that's pretty much how I have things configured today. If you are a tech pro and you want to go deeper on HTTPS, have a browse back through the dozens of posts on the SSL tag or go and watch 3 and a half hours of Pluralsight training on the subject.

Next, you'll see that this is all very Cloudflare-centric and you may be wondering "why not use Let's Encrypt instead?" I love Let's Encrypt and I love what they've done for the industry in terms of making certs free and automated. But that's only part of the journey to HTTPS and Let's Encrypt doesn't help people redirect to HTTPS, add HSTS, configure the versions of TLS they support or fix HTTP references in otherwise secure pages. All of this is really important for a robust HTTPS implementation and all of it's possible in Cloudflare with mere button clicks. To be honest, the significance of this really only became clear to me when recording these videos just yesterday; Cloudflare makes it so easy not just to get the site served over HTTPS, but to do all the other things you need to do for HTTPS to work properly.

In the final video, I secure the network segment between Cloudflare and the web server by loading one of their origin certificates into Azure. Because I know people will ask, go get yourself OpenSSL then the command I ran is as follows:

openssl pkcs12 -export -inkey httpsiseasy.key -in httpsiseasy.pem -name httpsiseasy -out httpsiseasy.pfx

Frankly, I can't see the demographic I've targeted this series at going down this path that often, in part because of the technical complexity (and yes, grabbing OpenSSL and running commands will be a bar too high for many) and also in part because many hosting providers still don't provide the ability to upload your own cert (such as Ghost Pro that this blog runs on). And before anyone loses their minds over the entire network not being encrypted or Cloudflare being able to MitM the traffic, have a read of CloudFlare, SSL and unhealthy security absolutism.

Finally, because some people will inevitably wonder, this isn't a commercial activity on my behalf; Cloudflare didn't engage me to create this and it'll come as a surprise to them the first time they see it. I created this on a whim after some Twitter discussions earlier this week and I simply wanted to create the most easily accessible resource possible for helping people get their websites served over HTTPS. So share this generously, point people who don't know where to start at HTTPSIsEasy.com and help drive a more "secure by default" web.

本文转载自:https://www.troyhunt.com/https-is-easy/

共有 人打赏支持
openthings
粉丝 261
博文 971
码字总数 514168
作品 1
东城
架构师
用 easy-sync 同步mysql数据到elasticsearch

easy-sync简介 这是一个通过读取 mysql binlog实现实时同步数据到elasticsearch的产品,操作比较简单,支持多个相同结构的分表同步,支持多个任务的配置和执行。另外当修改数据库结构后,重新...

coolma2000
07/23
0
0
win7下python2.7安装 pip,setuptools的正确方法(亲测)

windows7 下 0.先安装python2.7.5 32位:https://www.python.org/ftp/python/2.7.5/python-2.7.5.msi 64位:https://www.python.org/ftp/python/2.7.5/python-2.7.5.amd64.msi 1.下载htt......

丰_申
2016/02/01
99
0
Windows下python3安装pip管理包

方法有两种: 请参考:http://www.pip-installer.org/en/latest/installing.html#prerequisites 1.通过setuptools安装 安装setuptools,下载 https://pypi.python.org/pypi/setuptools setu......

白夜繁櫻
2013/07/16
0
0
centos python2.7 easy_install pip安装

倒腾了三四个小时,尼玛 各种编 各种download 开始安装 首先要安装的是 zlib zlib-devel openssl openssl-devel readline readline-devel yum install zlib zlib-devel openssl openssl-deve......

薄皮儿脆沙瓤
2014/12/01
0
0
python easy_install工具安装

前提系统要先安装python 1,easyinstall介绍 一般,我们要给Python安装第三方的扩展包,我们必须下载压缩包,解压缩到一个目录,然后命令行或者终端打开这个目录,然后执行python setup.py i...

霞女
2015/11/25
141
0

没有更多内容

加载失败,请刷新页面

加载更多

OSX | SafariBookmarksSyncAgent意外退出解决方法

1. 启动系统, 按住⌘-R不松手2. 在实用工具(Utilities)下打开终端,输入csrutil disable, 然后回车; 你就看到提示系统完整性保护(SIP: System Integrity Protection)已禁用3. 输入reboot回车...

云迹
今天
3
0
面向对象类之间的关系

面向对象类之间的关系:is-a、has-a、use-a is-a关系也叫继承或泛化,比如大雁和鸟类之间的关系就是继承。 has-a关系称为关联关系,例如企鹅在气候寒冷的地方生活,“企鹅”和“气候”就是关...

gackey
今天
4
0
读书(附电子书)|小狗钱钱之白色的拉布拉多

关注公众号,在公众号中回复“小狗钱钱”可免费获得电子书。 一、背景 之前写了一篇文章 《小狗钱钱》 理财小白应该读的一本书,那时候我才看那本书,现在看了一大半了,发现这本书确实不错,...

tiankonguse
今天
4
0
Permissions 0777 for ‘***’ are too open

异常显示: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ......

李玉长
今天
5
0
区块链10年了,还未落地,它失败了吗?

导读 几乎每个人,甚至是对通证持怀疑态度的人,都对区块链的技术有积极的看法,因为它有可能改变世界。然而,区块链技术问世已经10年了,我们仍然没有真正的用上区块链技术。 几乎每个人,甚...

问题终结者
今天
2
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部