Changes

Generic website infrastructure setup (view source)

Revision as of 12:16, 21 October 2018

873 bytes added , 5 years ago

no edit summary

Line 35: Line 35:

=SSL encryption=

The SSL encryption enable the encrypt the traffic between the user web browser and the server so even if someone is able to intercept the traffic he won't be able to see you passwords, website content ... the SSL encryption is configured at the virtual host level

−

# Certificat generation with Openssl (selfsigned)

+

# '''Certificat generation with Openssl (selfsigned)'''

−

# Certificat generation with Let's encrypt

+

−

# Configuration of the virtual host

+

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3650

−

# Let's encrypt certificate renewal

+

</source>

+

You can also add -nodes if you don't want to protect your private key with a passphrase, otherwise it will prompt you for "at least a 4 character" password. The days parameter (3650) you can replace with any number to affect expiration date. It will then prompt you for things like "Country Name" but you can just hit enter and accept defaults.

+

Add -subj '/CN=localhost' to suppress questions about the contents of the certificate (replace localhost with your desired domain)

+

Self-signed certs are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a trusted CA like let's encrypt (free), globalsign, Norton ...

+

# '''Certificat generation with Let's encrypt'''

+

# '''Configuration of the virtual host'''

+

# '''Let's encrypt certificate renewal'''

=Advanced setup=

−

# virtualisation

+

# '''virtualisation'''

−

# LXC container

+

# '''LXC container'''

−

# Docker

+

# '''Docker'''

−

# pfSense

+

# '''pfSense'''

Delcroip

41

edits

Changes

Generic website infrastructure setup (view source)

Revision as of 12:16, 21 October 2018

Navigation menu

Search