Changes

Jump to navigation Jump to search

Generic website infrastructure setup

873 bytes added, 1 year ago
no edit summary
=SSL encryption=
The SSL encryption enable the encrypt the traffic between the user web browser and the server so even if someone is able to intercept the traffic he won't be able to see you passwords, website content ... the SSL encryption is configured at the virtual host level
# '''Certificat generation with Openssl (selfsigned)'''<source lang="bash">openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650 </source> You can also add -nodes if you don't want to protect your private key with a passphrase, otherwise it will prompt you for "at least a 4 character" password. The days parameter (3650) you can replace with any number to affect expiration date. It will then prompt you for things like "Country Name" but you can just hit enter and accept defaults. Add -subj '/CN=localhost' to suppress questions about the contents of the certificate (replace localhost with your desired domain) Self-signed certs are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a trusted CA like let's encrypt (free), globalsign, Norton ... # '''Certificat generation with Let's encrypt'''# '''Configuration of the virtual host'''# '''Let's encrypt certificate renewal '''
=Advanced setup=
# '''virtualisation'''# '''LXC container'''# '''Docker'''# '''pfSense'''
40

edits

Navigation menu