[Nix-dev] how to successfully install owncloud/nextcloud
Mike Cooper
mythmon at elem.us
Fri Oct 14 22:33:29 CEST 2016
StartSSL/StartCom/Wocom has recently come under fire for some insecure
practices in handling of certificates. [0] There is a risk those certs
won't be trusted in major browsers in the near future. Also, their site is
sort of a pain.
LetEncrypt [1] is standing on much better security ground, and is generally
well liked by browsers (Mozilla had a hand in its creation). They are also
free. I'd recommend using them.
[0]:
https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview
[1]: https://letsencrypt.org/
On Fri, Oct 14, 2016 at 11:21 AM Bjørn Forsman <bjorn.forsman at gmail.com>
wrote:
> On 14 October 2016 at 20:06, Stefan Huchler <stefan.huchler at mail.de>
> wrote:
> > Hello Bjorn,
> >
> > thanks that looks interesting, worked and as easy as I expect it from
> > nixos :)
> >
> > One more thing how difficult would it be to add https?
>
> The most difficult part (IMHO) is getting the certificate : -)
>
> I use something like:
>
> services.lighttpd.extraConfig = ''
> # Lighttpd SSL/HTTPS documentation:
> # http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL
>
> $HTTP["host"] == "myserver.example" {
> $SERVER["socket"] == ":443" {
> ssl.engine = "enable"
> ssl.pemfile = "/etc/lighttpd/certs/myserver.example.pem"
> ssl.ca-file = "/etc/lighttpd/certs/1_Intermediate.crt"
> }
>
> # Force https scheme for nextcloud
> $HTTP["scheme"] == "http" {
> $HTTP["url"] =~ "^/nextcloud" {
> url.redirect = ("^/.*" => "https://myserver.example$0")
> }
> }
> }
> '';
>
> You can get free certificate from startssl.com (that's what I use).
>
> Best regards,
> Bjørn Forsman
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20161014/420b5ecf/attachment-0001.html>
More information about the nix-dev
mailing list