There important reasons to use HTTPS. It makes your systems more secure, helps to protect your users privacy, and will prevent others to hijack your account to deface your site.
If you’ve ever tried to secure your site you may have found how hard it is. You have to generate a private key, a certificate signing request, upload that request somewhere, pay, process the e-mail, upload the certificate, configure your server and set a reminder that in 1, 2, 3 or 5 years you’ve got to go through most of that same process again (which I described before in more detail in an earlier "how I do it"-article. Well, no longer! Enter: Let’s encrypt.
> Actually, Let’s encrypt is so easy that I had doubts whether I should even write this post. But maybe it wins an extra soul or two over.
The recommended way to get sta…
- shared 12 May ´17 Uncensorable Wikipedia on IPFS
- twitter 09 Jan ´17 nb: slechts “waar persoonsgegevens en andere gevoelige gegevens worden gecommuniceerd” #https #privacy
- twitter 09 Jan ´17 Dan pas @RPlasterk? “uiterlijk(!) eind 2017 versleutelde verbindingen overal op overheidswebsites” https://www.rijksoverheid.nl/documenten/kamerstukken/2017/01/09/beantwoording-kamervragen-berichten-helft-websites-overheid-onveilig-en-veel-overheid-websites-onnodig-onveilig #https
- twitter 03 Aug ´16 @svandragt with @letsencrypt there is no excuse anymore for not using #https (it's very easy) Other I don't know :o
Still waiting for pipe-lining to become mainstream
Sometimes I get a bit upset about a state a project I get to work on is in. Recently I came across a project which frontend served over 30 files that could be reduced easily to about 10. I got upset because to me it is like one of the basic things you have to be aware of as a web developer. I told the others working on the project that is a problem that should be fixed, to optimize speed. But later that day, in bed, I started wondering because the pages were served using HTTPS: was I actually correctin stating it as a problem? Well, currently still yes.
I started wondering because I remembered something about 'pipe-lining'. A year ago I turned on the experimental SPDY protocol a year ago, which supports asynchronous pipe-lining. Pipe-lining allows browsers to request all files in one request, which diminishes the reason why a developer should try to reduce the numbers of file…
Setting up https/spdy communication for your website with nginx
In case you do something with user accounts on your website, you definitely want to make sure you're using https. In general it protects the user's privacy, also when just reading content on your website. The only thing that can be seen by a middleman is that the person is viewing something at your server, the rest is all encrypted. And since Google has started to rank https-websites higher it has even become a SEO technique :) ). This article explains you how to serve your pages over https.
Update: a better option exists nowadays for non-domain validated certificates: Let's encrypt!
While the path to your server from someones desktop could be considered relatively ok in the past (harder to tap, putting a lot of trust in everything from the ISP to the internet exchanges and everything else in between), things have changed now. Wit…
- delicious 19 May ´14 Certificate Patrol :: Add-ons for Firefox
- twitter 25 Oct ´10 wondering #why a selfsigned #certificate based #https connection is bad, while no #browser complains about #unencrypted #http connections
Dit artikel van murblog van Maarten Brouwers (murb) is in licentie gegeven volgens een Creative Commons Naamsvermelding 3.0 Nederland licentie .