undefined | Better HN

0 pointsnoirscape1y ago0 comments

Honestly, hard disagree. I get the push for HTTPS, but setting up HTTPS nowadays isn't fun. It's more or less 4 steps;

1. Install and run certbot (+the DNS plugin for your DNS provider).

2. Find an nginx config file on the internet that only includes the necessary ciphers to work on modern devices. Then include that config file + lines to your cert paths that certbot spits out into your nginx config.

3. Set up a generic redirect server block to send everything on port 80 to port 443.

4. Reboot nginx.

It's at least better than fiddling with openssl directly, but this isn't fun, it's busywork.

0 comments

bruce5111y ago

I'm not sure if you're being sarcastic here or not? I mean you listed "reboot" as a whole step... which suggests sarcasm (at least to me)...

Anyway, all the steps together take what - all of 5 minutes? - that's if you do DNS Challenges. If you do HTTP challenges it doesn't even take that.

So you're saying this 5 minutes isn't worth the effort? That it's somehow too hard?

noirscapeOP1y ago

It's worth the effort, I just wouldn't use the descriptor of it being "fun". It's busywork equivalent to pointing nginx at your PHP socket. It's not fun, you're just wrangling a config file until it does what you want and the modern browsing landscape disproportionately demands HTTPS everywhere even for sites that arguably aren't really helped by it.

j / k navigate · click thread line to collapse