With the advent of the fully automated and free of cost certificate authorities Let’s Encrypt and StartCom there is no doubt that the future of CAs are changing.Read More The future of Certificate Authorities
Let’s install an SSL-certificate from Let’s Encrypt for Nginx.Read More Let’s Encrypt for Nginx
All login credentials transferred over plain HTTP can easily be sniffed by an MITM attacker, but is is not enough to encrypt the login forms. If you are visiting plain HTTP pages while logged in, your session can be hijacked, and not even two-factor authentication will protect you. To protect all info sent between your […]Read More Redirect all HTTP requests to HTTPS with Nginx
Using HTTPS helps preventing someone from snooping your username/password or hijacking your sessions. Using HSTS makes sure the connection stays on HTTPS, even if a MITM tries to redirect you to the plain HTTP version of a web site. But it is easier than you might think for a MITM to use a rogue certificate, […]Read More HTTP Public Key Pinning (HPKP)
Now that you have secured Nginx with HTTPS and enabled SPDY enabled HTTP/2, it’s time to improve both the security and the performance of the server.Read More Optimizing HTTPS on Nginx
SPDY is this new, cool, fast protocol created by Google that “replaces” HTTP (the first draft of HTTP 2.0 is using SPDY as the working base). It is supported in all the major browsers – yes, even Internet Explorer – with the exception of Apple’s Safari.Read More Enabling SPDY with Nginx
Adding a certificate and using the HTTPS protocol is a good improvement to the security in the communication between the browser and the server, and should be in place on all sites that have a user login. Contrary to what many (older) guides say, it doesn’t add much load on your server and is fairy […]Read More Securing Nginx with HTTPS
TL;DR: Varnish lacks support for SSL and SPDY. Nginx handles it just fine, and has very fast cache with either memcache or disk storage (ramdisk). Both can serve stale cache if your backend is down. But Nginx can not write to the memcache storage directly, it has to be done by the application. Also, Nginx […]Read More Caching: Varnish or Nginx?