security

On this tutorial I will show you how to configure your Pound proxy server so it can take advantage of the awesome SSL service provided by Let's Encrypt.

Let's Encrypt is an open-source certificate authority that issues SSL certificates for free making use of the ACME protocol, making possible to obtain trusted certificates for your websites and operate under HTTPS:// with no browser warnings and securing your content of course.

The services also provides a command line tool called Certbot, that can be easily installed on any Linux OS and it will help creating the necessary steps in order to create the certificates for an specific domain/website.

In order to install Certbot on your server, follow the next steps: (make sure you have "git" installed on…

Read more...
Tuesday, October 11, 2016

This is a super quick guide to add certificate files to a Pound proxy, very useful when using it in environments with Varnish servers. This configuration was tested on Ubuntu 14.04 and Ubuntu 16.04

Follow the next steps that i took as sample from this site to configure Pound with a self-signed certificate, make sure to run all commands as root:

$sudo su
Pound HTTPS Configuration
The following steps will guide you through the generation of a self-signed certificate for your ]project-open[ server.
During the process you will create:
server.key: This is a 1024 bit random string ("private key") that uniquely identifies your server
server.csr: This is a "Certificate Signing Request" file. You can send this to a Certificate…
Read more...
Friday, June 17, 2016

Update: I have updated this tutorial to a latest release of Varnish, read here.

By default, Varnish does not work and it will never work with HTTPS requests it only understands plain HTTP. This means, that on mixed content websites, sites serving HTTPS and HTTP pages, the secure pages won't be or cannot be cached on Varnish reducing the load time compared to the non-secure version of the page for example.
There are many sites that offer lots of static content through HTTPS that can definitely be cached using Varnish and in order to do so we need to implement an extra layer before any request goes to our Varnish Server. This layer is going to be handled by a Load Balancer/Proxy Server which will take care of routing the HTTP and the HTTPS requests, by interpreting SSL and converting the…

Read more...
Friday, March 27, 2015