|
reading posted:How is reselling hosting space a market? Usually it is tied to someone churning out basic template websites to small businesses and individuals.
|
# ¿ May 24, 2015 01:32 |
|
|
# ¿ Apr 28, 2024 23:05 |
|
Well lets encrypt went beta/live and pretty good albeit some weird quotas on IPv6 addressing (especially if you are on Linode). Puny code is not available in the beta, and Nginx is not supported for automated configurations. I am surprised Nginx has pretty awful non-obvious SSL configuration, everything else is not too bad. I have A+ rating on SSL Labs SSL Server Test but it appears that means all old versions of MSIE are blocked MrMoo fucked around with this message at 01:07 on Dec 5, 2015 |
# ¿ Dec 5, 2015 01:05 |
|
I just tested a server at work and it managed an A- grade supporting all the way back to IE8/XP. That rules out SNI though for SSL virtual hosting so I don't care too much for that.
I think the certificate chain support for OCSP stapling is a bit messed up in Nginx with Let's Encrypt. I'm not going to run it on anything important for a while.
|
# ¿ Dec 5, 2015 01:24 |
|
Rufus Ping posted:This isn't configured properly for https://www. What should it be doing? There is vanilla http://www.yorkion.com redirecting to https://yorkion.com. If I need https://www.yorkion.com to redirect to https://yorkion.com I need to register another certificate against Let's Encrypt
|
# ¿ Dec 5, 2015 04:42 |
|
The docs for Let's Encrypt now specify https://www.example.com and example.com so a bit better than before. There is a command line option "--duplicate" to pull in extra sub-domains on certificate and raises a dialog if there are new domains. The SSL Server Test tool seems happier now, thanks
|
# ¿ Dec 5, 2015 06:11 |
|
If anyone is interested I am using the configuration posted by Croc Monster earlier in this thread. OCSP stapling requires a certificate in the Nginx default_server, I'm using Nginx on CentOS 7 so it is a rather old 1.6.3 but includes support for SPDY 3.1. code:
The include file: code:
|
# ¿ Dec 5, 2015 17:37 |
|
The annoying bit afterwards is now that all embedded content needs to be HTTPS to work in modern browsers, which usually means changing all links from "http://example.com/blaa" to "//example.com/blaa". I'm using a referral link from http://ipv6-test.com but alas they don't have HTTPS on IPv6 so I had to cheat and copy their image.
|
# ¿ Dec 5, 2015 17:47 |
|
piss angel posted:read the docs, it's actually not that difficult at all and far more powerful than apache's imo. pretty much everything you need will be ssl_* I expected to be able to set some global ssl variables like the other http parameters, not having to include an entire file for every virtual host.
|
# ¿ Dec 14, 2015 17:46 |
|
Bob Morales posted:How many big ugly security breaches is that for them? Ugh. Cannot follow the link to the blog due to a DDoS, awesome sauce.
|
# ¿ Jan 5, 2016 21:13 |
|
Ugh I hope not, I'm more than 8,000 miles away from the bank I'm using for that
|
# ¿ Jan 7, 2016 01:10 |
|
clockworkjoe posted:Do you have any recommended shared hosts? Comedy option Azure, as slow as anything else I would expect.
|
# ¿ Mar 19, 2016 20:36 |
|
nem posted:RAID0 RAID 0 on SSD is an improvement from mechanical drives, from the underlying storage perspective it is reasonable as there is already error recovery in place, you are only beholden to the controller flaking out which is likely for any other chip in the data path too.
|
# ¿ Jul 7, 2016 14:41 |
|
|
# ¿ Apr 28, 2024 23:05 |
|
Hong Kong and Singapore have Amazon data centres now, performance is OK and you avoid the bureaucracy. Beware most smaller data centres are overpriced and inferior to US hosting, this is predominantly due to pressure from self-hosting and cheap metro-Ethernet connections.
|
# ¿ Oct 5, 2016 16:30 |