More work today on HD

Little or nothing to do with distillation.

Uncle Jesse
Site Admin
Posts: 3924
Joined: Wed Apr 21, 2004 3:00 pm

More work today on HD

Post by Uncle Jesse »

Finally set up HD to use Let's Encrypt as our certificate authority. As you can see, HD gets a pretty good score, though not perfect. I'll keep tweaking things to make it as good as possible.

For now, https connections are very secure. I plan to configure the site so that it only accepts https connections. This change should be seamless and invisible to most, assuming your browser is reasonably updated.

More work to come, I'm always looking to improve things.
Attachments
qualsys.png
If only the best birds sang, the woods would be silent.
shadylane
Master of Distillation
Posts: 10363
Joined: Sat Oct 27, 2007 11:54 pm
Location: Hiding In the Boiler room of the Insane asylum

Re: More work today on HD

Post by shadylane »

Thanks UJ :thumbup:
nuntius01
Rumrunner
Posts: 705
Joined: Thu Jun 08, 2017 4:51 pm
Location: upper midwest

Re: More work today on HD

Post by nuntius01 »

I'm impressed
I'm just the bank and the mule

post your still pics here
http://homedistiller.org/forum/viewtopi ... 16&t=66917
Bushman
Admin
Posts: 17988
Joined: Tue Mar 30, 2010 5:29 am
Location: Pacific Northwest

Re: More work today on HD

Post by Bushman »

+1, not easy to maintain a site with this much traffic.
RedwoodHillBilly

Re: More work today on HD

Post by RedwoodHillBilly »

Uncle Jesse wrote:Finally set up HD to use Let's Encrypt as our certificate authority.
Great. I've heard of them. They just passed the 100 million mark. Just curious, why is the cert only good for 3 months? Is this normal and you have to get another one every 90 days?
StillerBoy
Master of Distillation
Posts: 3387
Joined: Thu Dec 01, 2016 6:27 pm
Location: Ontario

Re: More work today on HD

Post by StillerBoy »

Thanks Dave for the hours you put into the upkeep of this site.. greatly appreciated..

Mars
" I know quite certainly that I myself have no special talent. Curiosity, Obsession and dogged endurance, combined with self-criticism, have brought me to my knowledge and understanding "

– Albert Einstein
Uncle Jesse
Site Admin
Posts: 3924
Joined: Wed Apr 21, 2004 3:00 pm

Re: More work today on HD

Post by Uncle Jesse »

RedwoodHillBilly wrote:
Uncle Jesse wrote:Finally set up HD to use Let's Encrypt as our certificate authority.
Great. I've heard of them. They just passed the 100 million mark. Just curious, why is the cert only good for 3 months? Is this normal and you have to get another one every 90 days?
The certs are free and I assume only last 3 months to make security a top priority.

I have an automatic cron job which checks the cert every night and replaces it automatically when it's about to expire.
If only the best birds sang, the woods would be silent.
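
The nightly check described in the post above could look like the following. This is an added example, not the site's actual cron job; the 30-day renewal window, the file paths, the schedule and the renewal command passed on the command line are all assumptions.

```shell
#!/bin/sh
# Added example: nightly certificate expiry check, run from cron, e.g.
#   15 3 * * * /usr/local/sbin/cert-check.sh /path/to/cert.pem <renew-command>
# The path, schedule and renew command are placeholders (assumptions).

RENEW_WINDOW_DAYS=30   # assumption: renew once fewer than 30 days remain

# Exit status: 0 = expires within $2 days (renew), 1 = still good,
# 2 = file missing or not a parseable certificate.
cert_needs_renewal() {
    cert=$1
    days=$2
    [ -r "$cert" ] || return 2
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 when the cert is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Run the caller-supplied renewal command only when the cert is close to expiry.
nightly_check() {
    cert=$1
    shift
    rc=0
    cert_needs_renewal "$cert" "$RENEW_WINDOW_DAYS" || rc=$?
    case $rc in
        0) echo "renewing: $cert expires within $RENEW_WINDOW_DAYS days"
           "$@" ;;
        1) echo "ok: $cert is valid for more than $RENEW_WINDOW_DAYS days" ;;
        *) echo "error: cannot read certificate $cert" >&2
           return 2 ;;
    esac
}

# Only act when called with a certificate path and a renewal command.
if [ "$#" -ge 2 ]; then
    nightly_check "$@"
fi
```

Returning a distinct status for an unreadable certificate means cron reports a broken setup instead of silently skipping renewal until the certificate lapses.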
RedwoodHillBilly

Re: More work today on HD

Post by RedwoodHillBilly »

Uncle Jesse wrote: I have an automatic cron job which checks the cert every night and replaces it automatically when it's about to expire.
Good idea, I may have to steal it. I've been using self signed certs for my own server (running on an Asus router that doesn't do routing, may replace with RPi3), but I'm the only one that uses it. Maybe I'll try Let's Encrypt.
Uncle Jesse
Site Admin
Posts: 3924
Joined: Wed Apr 21, 2004 3:00 pm

Re: More work today on HD

Post by Uncle Jesse »

RedwoodHillBilly wrote:
Uncle Jesse wrote: I have an automatic cron job which checks the cert every night and replaces it automatically when it's about to expire.
Good idea, I may have to steal it. I've been using self signed certs for my own server (running on an Asus router that doesn't do routing, may replace with RPi3), but I'm the only one that uses it. Maybe I'll try Let's Encrypt.
I assume this is a home router? Which OS would you use on the rpi3? I'd probably go with NetBSD even though I'm a FreeBSD guy. NetBSD just has the support for all the oddball devices.
If only the best birds sang, the woods would be silent.
RedwoodHillBilly

Re: More work today on HD

Post by RedwoodHillBilly »

Uncle Jesse wrote: I assume this is a home router? Which OS would you use on the rpi3? I'd probably go with NetBSD even though I'm a FreeBSD guy. NetBSD just has the support for all the oddball devices.
ya, this is for home. I have Comcast business with 5 statics. For the RasPi, I would probably be lazy and use Raspbian. On the Asus I use DD-WRT and the OptWare packages. With the Pi, I would have to check if the packages I need are available, I would assume so. I just run e-mail (SMTP & POP3), a simple web server (lighttpd), Authoritative DNS server, OpenVPN, & an MQTT server. So my requirements aren't that great for my home system. Anything that doesn't have SystemD is ok, I prefer SystemV init systems. I don't want a windows like system with all of the cruft.
Uncle Jesse
Site Admin
Posts: 3924
Joined: Wed Apr 21, 2004 3:00 pm

Re: More work today on HD

Post by Uncle Jesse »

RedwoodHillBilly wrote:
Uncle Jesse wrote: I assume this is a home router? Which OS would you use on the rpi3? I'd probably go with NetBSD even though I'm a FreeBSD guy. NetBSD just has the support for all the oddball devices.
ya, this is for home. I have Comcast business with 5 statics. For the RasPi, I would probably be lazy and use Raspbian. On the Asus I use DD-WRT and the OptWare packages. With the Pi, I would have to check if the packages I need are available, I would assume so. I just run e-mail (SMTP & POP3), a simple web server (lighttpd), Authoritative DNS server, OpenVPN, & an MQTT server. So my requirements aren't that great for my home system. Anything that doesn't have SystemD is ok, I prefer SystemV init systems. I don't want a windows like system with all of the cruft.
Never used systemd and never will. What a ridiculously stupid mistake that nonsense is.

It's gotten quite a few folks over to FreeBSD though. I hear OpenBSD is recreating a few of the key elements since they use Gnome as the default WM and Gnome now depends on a few key parts of systemd.

If I can't view/modify a config, rc file or log with VI, I don't want to use that OS.
If only the best birds sang, the woods would be silent.
RedwoodHillBilly

Re: More work today on HD

Post by RedwoodHillBilly »

Uncle Jesse wrote:
Never used systemd and never will. What a ridiculously stupid mistake that nonsense is.

It's gotten quite a few folks over to FreeBSD though. I hear OpenBSD is recreating a few of the key elements since they use Gnome as the default WM and Gnome now depends on a few key parts of systemd.

If I can't view/modify a config, rc file or log with VI, I don't want to use that OS.
WM & Gnome, what is that you speak of? :shock: I tend to use the command line for my servers. Don't need no stinkin' GUI :)

I've heard good things about FreeBSD, I should check it out.

The masochist in me wants to run a gentoo distro (build the airplane before you can fly it). But I'm too old for that shit. I've been using Linux since 1996 and always compiled my own kernel and support packages, but I don't want to have to build everything that I run.

I guess that's why I now use a small Asus router for my server instead of using a larger server with Apache, Bind, and Sendmail like I used to. That and it's very low power (my T-Mobile femto cell, cable modem, wireless router, and server uses 25W) which makes the UPS last longer.
Uncle Jesse
Site Admin
Posts: 3924
Joined: Wed Apr 21, 2004 3:00 pm

Re: More work today on HD

Post by Uncle Jesse »

RedwoodHillBilly wrote:
Uncle Jesse wrote:
Never used systemd and never will. What a ridiculously stupid mistake that nonsense is.

It's gotten quite a few folks over to FreeBSD though. I hear OpenBSD is recreating a few of the key elements since they use Gnome as the default WM and Gnome now depends on a few key parts of systemd.

If I can't view/modify a config, rc file or log with VI, I don't want to use that OS.
WM & Gnome, what is that you speak of? :shock: I tend to use the command line for my servers. Don't need no stinkin' GUI :)

I've heard good things about FreeBSD, I should check it out.

The masochist in me wants to run a gentoo distro (build the airplane before you can fly it). But I'm too old for that shit. I've been using Linux since 1996 and always compiled my own kernel and support packages, but I don't want to have to build everything that I run.

I guess that's why I now use a small Asus router for my server instead of using a larger server with Apache, Bind, and Sendmail like I used to. That and it's very low power (my T-Mobile femto cell, cable modem, wireless router, and server uses 25W) which makes the UPS last longer.
I run lots of servers without X11 but many which also run it. At work our unix based app uses X11 for the users.

And right now I'm on a FreeBSD box using firefox as I post this. I use Lumina though, not Gnome. Too heavy with dependencies and bells and whistles. I don't want or need all that.

I've used FreeBSD since the beginning. Used some Linux but not nearly as much. I do run OpenELEC on a rpi2 though and it's pretty cool.
If only the best birds sang, the woods would be silent.
RedwoodHillBilly

Re: More work today on HD

Post by RedwoodHillBilly »

Had to look up OpenELEC. I haven't used a media server since MythTV. It spoiled me with its smart commercial identification. But I don't watch that much TV anymore. I do have a QNAP NAS that has all of my media on it.
MoonBreath
Site Donor
Posts: 2238
Joined: Thu Jan 31, 2013 7:34 pm
Location: Horseshoe Bend, Ky.

Re: More work today on HD

Post by MoonBreath »

Say what? Say how? :D Dad was in crypto, then lifetime at Westinghouse, most in tcc center running the computer room (huge), before headn up company payroll.
But I didn't go tech, opting for oilrigs and towboats along with powerplants and auto dealerships ..Mechanical not technical.
I can't imagine what it takes to keep the site safe and runnin.
Thanks UJ, folks like you keep the world on axis.
Makes a feller want to kick in.
*Spend it all, Use it up, Wear it out*
Beware of sheet-sniffers and dime-droppers!
Uncle Jesse
Site Admin
Posts: 3924
Joined: Wed Apr 21, 2004 3:00 pm

Re: More work today on HD

Post by Uncle Jesse »

Finally got it to A+!
Attachments
hd.png
If only the best birds sang, the woods would be silent.
Oldvine Zin
Site Donor
Posts: 2414
Joined: Sat Jun 06, 2015 9:16 pm
Location: Pacific Northwest

Re: More work today on HD

Post by Oldvine Zin »

:thumbup: :thumbup:

OVZ
nerdybrewer
Site Donor
Posts: 1642
Joined: Thu Jan 23, 2014 3:00 pm
Location: Pacific Northwest

Re: More work today on HD

Post by nerdybrewer »

Uncle Jesse wrote:Finally got it to A+!
UJ - this - and you - are AWESOME!!
Thank you!
Cranky's spoonfeeding:
http://homedistiller.org/forum/viewtopic.php?t=52975

Time and Oak will sort it out.
cede
Site Donor
Posts: 363
Joined: Wed Jan 12, 2011 6:39 am
Location: Canada

Re: More work today on HD

Post by cede »

Wow nice :)
Letsencrypt is really cool. I have used it on a few sites that do not need the insurances, bells and whistles.

+1 for FreeBSD ! I started using it for web servers in 1992, it's so stable and I could strip the 4.x on a 64MB CF memory card :)
I also used the OpenBSD on Ultrasparc and it was freaking fast at the time.

Glad everything is going fine for the server, the site and the forum.
Uncle Jesse
Site Admin
Posts: 3924
Joined: Wed Apr 21, 2004 3:00 pm

Re: More work today on HD

Post by Uncle Jesse »

cede wrote:Wow nice :)
Letsencrypt is really cool. I have used it on a few sites that do not need the insurances, bells and whistles.

+1 for FreeBSD ! I started using it for web servers in 1992, it's so stable and I could strip the 4.x on a 64MB CF memory card :)
I also used the OpenBSD on Ultrasparc and it was freaking fast at the time.

Glad everything is going fine for the server, the site and the forum.
Talking my language!
If only the best birds sang, the woods would be silent.
cede
Site Donor
Posts: 363
Joined: Wed Jan 12, 2011 6:39 am
Location: Canada

Re: More work today on HD

Post by cede »

Uncle Jesse wrote: Talking my language!
FreeBSD can take you anywhere :)
You made me check one of my servers and it is not up to date as it got an F at the test. Need to patch that tomorrow !
raketemensch
Site Donor
Posts: 2001
Joined: Sun Nov 09, 2014 2:10 pm
Location: Tralfamadore

Re: More work today on HD

Post by raketemensch »

cede wrote:
Uncle Jesse wrote: Talking my language!
FreeBSD can take you anywhere :)
You made me check one of my servers and it is not up to date as it got an F at the test. Need to patch that tomorrow !
I know we’re not supposed to get political, but that’s why I use a Mac :)

It’s the smoothest Unix/Linux/BSD workstation I’ve ever had.
cede
Site Donor
Posts: 363
Joined: Wed Jan 12, 2011 6:39 am
Location: Canada

Re: More work today on HD

Post by cede »

Ahahah !
I had an Apple II, you know the one with the tiny screen in the squared box that ran appletalk network....
Went on PC for decades because it was cheaper, but got back to mac because I had to do video editing. I'm glad I did !
Then I converted the board of directors at work, one by one, and now I do not hear anyone yelling at his computer anymore !
BSD are the most stable and secure unices I worked with.
Uncle Jesse
Site Admin
Posts: 3924
Joined: Wed Apr 21, 2004 3:00 pm

Re: More work today on HD

Post by Uncle Jesse »

raketemensch wrote:
cede wrote:
Uncle Jesse wrote: Talking my language!
FreeBSD can take you anywhere :)
You made me check one of my servers and it is not up to date as it got an F at the test. Need to patch that tomorrow !
I know we’re not supposed to get political, but that’s why I use a Mac :)

It’s the smoothest Unix/Linux/BSD workstation I’ve ever had.
At its heart, the MacOS started as Mach and FreeBSD. Of course, it's come a long way since then. Jordan of the FreeBSD project and later head of Unix group at Apple is a good friend of mine.
If only the best birds sang, the woods would be silent.