Ode To My Family#comic #sysadmin #linux #development #CloudComputing https://t.co/hu0A3odXn2 pic.twitter.com/RiawlwbyzA— turnoff.us (@turnoff_us) March 9, 2017
Not that I can fix any of those either.
I set up ssl with Let's Encrypt for an experiment yesterday following a handy guide on the FreeBSD wiki. The guide suggested this mozilla tool for generating server configs with good parameters.
With the tool I was only able to hit an A rating on the ssllabs testing
site, the A+ rating was annoyingly elusive. I am using
nginx as vhost for a
go web service, for HSTS a header has to be appended to the response. The
config from Mozilla does this for
nginx like this:
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security max-age=15768000;
But, the hosted application has control over the response headers.
be configured to always set the header with the
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months) add_header Strict-Transport-Security "max-age=15768000" always;
Reading: Gun Machine, The Difference Engine
Aberdeen, Scotland: 12°C, Light rain until afternoon.