SoylentNews is people
SoylentNews
Back in March I asked you guys if I should put SSL on my mcgrewbooks.com site, since it appeared that it would raise my hosting cost by $25 a year, and there was no technical reason to have it; there is no personal information collected whatever.
I gave a lot of thought to the comments for months, and yesterday decided to go ahead and spend the money; I just put three grand on my mortgage principal. So I went to R4L’s web site to find where I could add SSL. I couldn’t find it.
However, their help is actually a Canadian who helps through text chat, who informed me that paid hosting came with SSL, I simply had to turn it on.
Well, it wasn’t that simple, as they’re upgrading their tools and I ran across a couple of 404s. But I finally found the correct widget to click, so the unnecessary lock is no longer broken.
My other site still has a broken lock, but it’s a “free” site. Registration there is $15, but you get ten megabytes of hosting. Those are the kind of site that an extra $25 buys SSL, and you might as well pay for hosting. It isn’t much more, and it isn’t hard to fill ten megs. Almost all of the images at mcgrew.info are either on Wikipedia (which reminds me, I should donate again) or mcgrewbooks.
I wish I would have known that five years ago! But I’m still more than happy with R4L.
Since R4L is Canadian, whose internet laws apply? America’s? Canada’s? Both? Neither?
(Score: 2) by RS3 on Sunday October 17 2021, @05:20AM (2 children)
Wow, thank you for all of that. Yes, I'm pretty careful and consistent with config files and most of what you describe. But when I get some time to try it again, I'll use everything you've so kindly written, and thank you again.
It seems different Linux distros set up Apache different ways, so that makes following tutorials / how-tos a bit complex, but I got it together and Apache would run, just no response to the https request. I've been doing systems admin and software development for a long time (hw too!) so I can handle it. It's just a bit annoying to try to correlate a tutorial aimed at Debian and derivatives, when I'm running CentOS. But I'm probably about to switch to Devuan, so, well, that first.
I like the idea of separate config file for http and https.
It is a live server with many virtual hosts.
I'm very good at copying httpd.conf to httpd.conf_10-14-21 or some such, and make backup copies.
It might be weeks before I get enough time to focus on this thing. Main job and other critical responsibilities are taking up all of my time these days...
(Score: 1, Informative) by Anonymous Coward on Sunday October 17 2021, @07:30AM (1 child)
I mentioned this to a person I know, she said CentOS doesn't use the standard directory setup of most distros. However, we've (well, she) changed it so it is closer to the standard setup on our machines but that isn't the default. Regardless, setting this up should be easier with Devuan, which does a bit clearer (IMHO) separation of global/module/site configuration by default. And when you do come to that phase, you don't have to do all the TLS stuff at once. Each of those steps is doable on their own without breaking anything that works and can have plenty of time between them.
She also said that if you have a standard CentOS setup, certbot from the EFF can do the TLS configuration changes for you automatically, including the module installation and RedirectMatch. That might be worth a try if you want a safe and usable setup with minimum effort and don't really care to learn step by step.
(Score: 2) by RS3 on Sunday October 17 2021, @05:45PM
Thank you so much! I had not tried certbot and probably wouldn't at the time. I generally don't like, well, haven't had good results from software that tries to write / edit configuration files. That said, I've used many and learned from the outputs, but kept copies of default / previous iterations. A great example is "samba swat". It showed me some things I didn't know about, but it made a mess (which I cleaned up). But I'll try certbot with the new system, whenever I get around to it.
I'm a Slackware guy firstly, but I haven't deployed it live. As much as I like it and am totally familiar with it, I'd hate for someone else to have to deal with it, for whatever reason, and curse me for installing Slackware.
I did not like Red Hat when it came out, and it took a while for me to warm up to it. Acquired taste and all I guess.
Tried and like many others. I prefer to stay away from systemd. Someone here (you?) gave me some great info on systemd, but I just don't like the idea of it, and I don't see how it's necessary or a benefit. I'm good with admin, and I need stability and predictability.
I really like Alpine but like too many it doesn't have good package management (IMHO). So it's on to Devuan, and I think I'll like it.
Thanks!