Preamble First of all, I’d like to thank the crew of #postgresql and #centos on freenode for all the help, much appreciated! The scenario is the Foobar company with Active Directory as the directory service. They use CentOS 7 application servers, among them PostgreSQL. The company’s domain name is foobar.com, and the corresponding AD domain […]
First off, you need a CentOS instance. If you want to go the VPS route, I recommend Vultr. If you don’t have an account yet, I’d really appreciate if you could use my affiliate link when signing up 🙂 Once done, you also need an SSL certificate. Then you can use my script to do […]
Preface I already covered Azure DNS, it’s time to cover Cloudflare, too. If you haven’t done so yet, sign up to Cloudflare (it’s free), and move your domain name to Cloudflare. Note: Cloudflare can (and in fact does, by default) proxy your website and generate SSL certificates for you automatically (which you can disable by […]
Might be old news, but I noticed this just now. The CA is, of course, Let’s Encrypt. Kudos to them for providing free certs to the world! I quickly enabled it on this site – then realized I was dumb enough to insert all images with http://. So I had to update all those friggin’ […]
Some time ago the folks at Let’s Encrypt announced that there’ll be some rebranding and stuff. It seems that has materialized just now with EFF’s announcement of Certbot: Announcing Certbot: EFF’s Client for Let’s Encrypt This should be really just a rebranding, no radical underlying changes. They’ve also set up a nice website for the […]
That’s right folks, the Let’s Encrypt client has just been committed to EPEL! Now all you have to do on EL-based distros: yum update yum install letsencrypt letsencrypt certonly -d foo.bar -d www.foo.bar No more git clone, no more GCC, kernel headers, virtualenv and pip for letsencrypt-auto, it simply just works. The certs will be […]
So you install Jenkins and also deploy Nginx over it. Eventually you also enable, or even enforce SSL. Later, you may get really cocky and also setup required protocol versions and ciphers suites. And that’s where the shit may hit the fan. So here’s a rather strict Nginx SSL configuration excerpt: ssl_protocols TLSv1.2; ssl_session_cache builtin:1000 […]