On this tutorial I will show you how to configure your Pound proxy server so it can take advantage of the awesome SSL service provided by Let's Encrypt.

Let's Encrypt is an open-source certificate authority that issues SSL certificates for free making use of the ACME protocol, making possible to obtain trusted certificates for your websites and operate under HTTPS:// with no browser warnings and securing your content of course.

The services also provides a command line tool called Certbot, that can be easily installed on any Linux OS and it will help creating the necessary steps in order to create the certificates for an specific domain/website.

In order to install Certbot on your server, follow the next steps: (make sure you have "git" installed on…

Tuesday, October 11, 2016

This is a super quick guide to add certificate files to a Pound proxy, very useful when using it in environments with Varnish servers. This configuration was tested on Ubuntu 14.04 and Ubuntu 16.04

Follow the next steps that i took as sample from this site to configure Pound with a self-signed certificate, make sure to run all commands as root:

$sudo su
Pound HTTPS Configuration
The following steps will guide you through the generation of a self-signed certificate for your ]project-open[ server.
During the process you will create:
server.key: This is a 1024 bit random string ("private key") that uniquely identifies your server
server.csr: This is a "Certificate Signing Request" file. You can send this to a Certificate…
Friday, June 17, 2016

Run a script when the system starts up or reboots on Ubuntu.

1) Create script, on this example I'm starting the gluu-server service as the root user

$sudo nano /etc/init.d/MyScriptName

Copy/paste the following script, update accordingly:

#! /bin/sh
# /etc/init.d/MyScriptName

case "$1" in
    echo "Attempting to Start Gluu Server..."
    sudo -H -b service gluu-server start
    echo "Attempting to Stop Gluu Server..."
    sudo -H service gluu-server stop
    echo "Usage: /etc/init.d/MyScriptName {start|stop}"
    exit 1

exit 0

2) Give the script executable permission

$sudo chmod +x /etc/init.d/MyScriptName

3) Tell script to run at startup. This tells the script be the first to shutdown and the last to…

Monday, July 13, 2015

Update: I have updated this tutorial to a latest release of Varnish, read here.

By default, Varnish does not work and it will never work with HTTPS requests it only understands plain HTTP. This means, that on mixed content websites, sites serving HTTPS and HTTP pages, the secure pages won't be or cannot be cached on Varnish reducing the load time compared to the non-secure version of the page for example.
There are many sites that offer lots of static content through HTTPS that can definitely be cached using Varnish and in order to do so we need to implement an extra layer before any request goes to our Varnish Server. This layer is going to be handled by a Load Balancer/Proxy Server which will take care of routing the HTTP and the HTTPS requests, by interpreting SSL and converting the…

Friday, March 27, 2015

Another good option to run Drupal sites nowadays is Nginx. Nginx is a Proxy/Web Server not as complex as Apache and is well known for is security, responsiveness and speed when handling PHP apps together with PHP-FMP. On this this post I will introduce you on how to manually install and run Nginx and PHP-FPM so you can host any Drupal site with SSL support.

Recommended posts:

The suggested installation instructions by
Perusio Nginx suggested Drupal Configuration…

Thursday, February 26, 2015