SSL

  • openssl req -new -x509 -keyout /etc/lighttpd/certs/lighttpd.pem -out /etc/lighttpd/certs/lighttpd.pem -days 365 -nodes
  • chmod 400 /etc/lighttpd/certs/lighttpd.pem
  • insert the below code into /etc/lighttpd/lighttpd.conf
$SERVER["socket"] == ":443" {
  ssl.engine = "enable" 
  ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem" 
}

Auth

  • htdigest -c /etc/lighttpd/.passwd 'Authorized users only' user
  • nano /etc/lighttpd.conf
  • add server.modules += ( "mod_auth" )
  • also insert the below
auth.backend = "htdigest"  
auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd"  
auth.debug = 2  
auth.require = ( "/" =>  
(
"method" => "digest",
"realm" => "Authorized users only",
"require" => "valid-user"
)
)

Just got a invite to letsencrypt.com the other day
so this blog now has SSL on both ipv4/ipv6 and a A grade on ssllabs.com

for some reason i didnt get a A+ :/

check out caddy if you want a http/2/ssl enabled web server thats simple and supports letsencrypt

Join the beta programto get whitelisted

Stop lighttpd

  • sudo service lighttpd stop

then run letsencrypt client

  • git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt
  • ./letsencrypt-auto --agree-dev-preview --server \ https://acme-v01.api.letsencrypt.org/directory auth

combine files into ssl.pem

  • sudo su (login as root)
  • cd /etc/letsencrypt/live/yourdomain
  • cat privkey.pem cert.pem > ssl.pem

Forward Secrecy & Diffie Hellman Ephemeral Parameters

  • cd /etc/ssl/certs
  • openssl dhparam -out dhparam.pem 4096

Copy and paste the following into /etc/lighttpd/lighttpd.conf dont forget to change yourdomain to your domain
or you can put it into /etc/lighttpd/conf-enabled as letsencrypt.yourdomain.conf

now open port and start lighttpd

  • sudo ufw allow 443
  • sudo service lighttpd start
Easily deploy an SSD cloud server on @DigitalOcean in 55 seconds. Sign up using my link and receive $10 in credit
Proudly published with Ghost | Theme based on Draugur | Header Image by GUWEIZ@DeviantArt
Creative Commons Licence