the itjerk

my adventures with technology

Monthly Archives: June 2013

ssl and your server

Setting up ssl on your server is quite easy. Getting everything to work correctly is also pretty easy, especially with some good guidance. Why use ssl? Because it encrypts traffic so no one can listen in on it. Really, it's that simple. Just like closing open ports on a server, encrypting packets secures your traffic.

I purchased an ssl certificate from Go Daddy because it was $5.99/year. That's cheap. They have pretty good instructions on their site on how to generate it, but the gist of the matter is to first generate a key, then have your ssl-provider verify who you are and generate a certificate that matches that key. You'll also need an intermediate certificate (certificate authority or "ca") from the ssl-provider.

Once you have the certificate, you'll need to set it up on your server. Easy enough, just copy the key, cert and ca files to /path/to/your/certs, and make sure the permissions are 600 for each file. Once installed, you'll then need to configure services to use the cert, setting a path to the crt, key and ca files. Also remember to open any ports on your server in your firewall so you can get there in the first place (like 443 for https)!

For Apache2, you'll need to copy your /etc/apache2/sites-available/default file to /etc/apache2/sites-available/default-ssl and configure it for ssl. The salient parts are:

SSLCertificateFile /path/to/file/myserver.com.crt
SSLCertificateKeyFile /path/to/file/myserver.com.key
SSLCertificateChainFile /path/to/file/ca_bundle.crt

Once that's done, restart Apache, and modify .htaccess if you want to force https browsing.

For Dovecot, edit /etc/dovecot.conf and ensure the following are there:

ssl = required
ssl_cert = </path/to/myserver.com.crt
ssl_key = </path/to/file/myserver.com.key
ssl_ca = </path/to/file/ca_bundle.crt

Finally, you can test your ssl installation at Digicert by providing the hostname.com:port. You'll want to check 443, pop3s or imaps.

You can also test your ssl installation with the openssl command, e.g.:

openssl s_client -connect myserver.com:port
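
Before restarting Apache or Dovecot, the three files can also be checked locally: mode 600, key matches cert, cert verifies against the ca bundle. This is an added example, not part of the original post; the function names and the throwaway demo CA are made up for illustration, and it assumes the ca bundle chains to a root that is in the bundle or in the system trust store.

```shell
#!/bin/sh
# Added example: local checks on the key, cert and ca files before restarting services.

# check_tls_files KEY CRT CA: prints each failed check, returns 0 only if all pass.
check_tls_files() {
    key=$1 crt=$2 ca=$3 rc=0
    # 1. Every file should be mode 600, as recommended above.
    for f in "$key" "$crt" "$ca"; do
        if [ -z "$(find "$f" -prune -perm 600 2>/dev/null)" ]; then
            echo "FAIL mode of $f is not 600"; rc=1
        fi
    done
    # 2. The certificate must contain the public half of this private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL certificate does not match private key"; rc=1
    fi
    # 3. The certificate must verify against the ca bundle.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL certificate does not verify against $ca"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $crt"
    return "$rc"
}

# make_demo_files DIR: constructed throwaway CA, key and cert (hypothetical helper).
make_demo_files() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca_bundle.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=myserver.com" \
        -keyout "$d/myserver.com.key" -out "$d/myserver.com.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/myserver.com.csr" -days 1 -set_serial 1 \
        -CA "$d/ca_bundle.crt" -CAkey "$d/ca.key" \
        -out "$d/myserver.com.crt" 2>/dev/null &&
    chmod 600 "$d/ca.key" "$d/ca_bundle.crt" "$d/myserver.com.key" "$d/myserver.com.crt"
}

# Demo run on constructed files; on a real server pass your own three paths instead.
demo=$(mktemp -d)
make_demo_files "$demo"
check_tls_files "$demo/myserver.com.key" "$demo/myserver.com.crt" "$demo/ca_bundle.crt"
rm -rf "$demo"
```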

webhosting

Have you ever met anyone that is completely satisfied with their web host? Admittedly, one person's web host is certainly not another's. On one end of the scale, there are the complete "n00bs", those looking for template/one-click instant websites. In the middle are those that live for the control panel – options galore, lots of things to play with – but watch out when something doesn't work, aka the dreaded support-ticket. The other end are the experts, those that say "you keep the hardware running and bandwidth flowing and I'll take care of the software, thank you very much". You know, those that want c-o-n-t-r-o-l.

I've had surprisingly few web hosts over the past decade or so; Hostway and Dotster quickly come to mind. Neither was that bad at any one thing, but I'm not sure if I could find myself recommending either without qualification. Price, ease of use, uptime, yes, it's all fine and dandy, but did either earn superlatives, like "they're the best", "never had an issue", "great support"? Not really.

Enter Digital Ocean. They offer "droplets" – little virtual private servers you can create quickly. The price is right, $5 per month for your own little fluffy cloud on the internet, a 20GB SSD with 512MB RAM, and 1TB of Tier 1 bandwidth. You pick the OS, configure the DNS, and do EVERYTHING yourself. And there's the challenge: no control panel, no telephone support, no mail, scripts or templates: no nothing, other than shell access to your server. Ooooh, the geek in me wants one! And after a couple introductory email questions, I was presented with a $10 coupon, so yes, I took the bite and signed up.

And there I went, giving them a credit card, picking my OS, setting up a domain, and before I knew it, I was up and running. Next, after an apt-get update/upgrade and reboot, I installed LAMP, Drupal, vsftp, iptables, configured .htaccess and php mod_rewrite (for Drupal to work with clean urls), made a few more apache2 tweaks, uploaded all of my website (which was the real chore), and voilà, here I am, with a copy of my site running on a fully-functioning server that I configured by myself. Of course, I have one on my test server at home, but this one is in the cloud. Digital Ocean's documentation is very good and gets you most of the way there, though things like installing Drupal will only take you so far. But that's the fun of it – figuring it all out and making it work.

I am the web host.

On the web (referral link):
Digital Ocean Cloud Server/VPS