[Nix-dev] how to successfully install owncloud/nextcloud

Mike Cooper mythmon at elem.us
Fri Oct 14 22:33:29 CEST 2016


StartSSL/StartCom/Wocom has recently come under fire for some insecure
practices in handling of certificates. [0] There is a risk those certs
won't be trusted in major browsers in the near future. Also, their site is
sort of a pain.

LetEncrypt [1] is standing on much better security ground, and is generally
well liked by browsers (Mozilla had a hand in its creation). They are also
free. I'd recommend using them.


[0]:
https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview
[1]: https://letsencrypt.org/

On Fri, Oct 14, 2016 at 11:21 AM Bjørn Forsman <bjorn.forsman at gmail.com>
wrote:

> On 14 October 2016 at 20:06, Stefan Huchler <stefan.huchler at mail.de>
> wrote:
> > Hello Bjorn,
> >
> > thanks that looks interesting, worked and as easy as I expect it from
> > nixos :)
> >
> > One more thing how difficult would it be to add https?
>
> The most difficult part (IMHO) is getting the certificate : -)
>
> I use something like:
>
>   services.lighttpd.extraConfig = ''
>         # Lighttpd SSL/HTTPS documentation:
>         # http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_SSL
>
>         $HTTP["host"] == "myserver.example" {
>           $SERVER["socket"] == ":443" {
>             ssl.engine = "enable"
>             ssl.pemfile = "/etc/lighttpd/certs/myserver.example.pem"
>             ssl.ca-file = "/etc/lighttpd/certs/1_Intermediate.crt"
>           }
>
>           # Force https scheme for nextcloud
>           $HTTP["scheme"] == "http" {
>             $HTTP["url"] =~ "^/nextcloud" {
>               url.redirect = ("^/.*" => "https://myserver.example$0")
>             }
>           }
>         }
>   '';
>
> You can get free certificate from startssl.com (that's what I use).
>
> Best regards,
> Bjørn Forsman
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20161014/420b5ecf/attachment-0001.html>


More information about the nix-dev mailing list