Currently Viewing Posts in Web & Network

Change directives of Nginx

My new server uses Nginx as a web server. When I check the error log of it, I saw a lot of warnings.

2016/08/27 07:30:03 [warn] 11951#11951: *590544 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/3/28/0000008283 while reading upstream, client: 107.174.247.88, server: www.phpbbchinese.com, request: “GET /download/file.php?id=109 HTTP/1.1”, upstream: “fastcgi://unix:/run/php/php7.0-fpm.sock:”, host: “www.phpbbchinese.com”

I did the search and found some posts about this kind of warnings. OK, let record it and see what happened later.

Increase buffers.

Edit /etc/nginx/nginx.conf

fastcgi_buffers 32 8k;

Continue reading “Change directives of Nginx”

Move to Linode Server

When you saw this post, it means the blog is moved to a new server at Linode.

New server is a little bit better than the old one at DigitalOcean.

Here is how old server looks like:

  • Operating system     Ubuntu Linux 14.04.4
  • Kernel and CPU     Linux 3.13.0-88-generic on x86_64
  • Processor information     Intel(R) Xeon(R) CPU E5-2630L v2 @ 2.40GHz, 1 cores
  • 1 GB RAM
  • 20 GB Storage SSD

digitalocean-spotlight

New server at Linode has following specs:

  • Operating system     Ubuntu Linux 16.04
  • Kernel and CPU     Linux 4.6.3-x86_64-linode70 on x86_64
  • Processor information     Intel(R) Xeon(R) CPU E5-2680 v3 @ 2.50GHz, 1 cores
  • 2 GB RAM
  • 24GB Storage SSD

linode-brentwood Continue reading “Move to Linode Server”

Amazon CloudFront adds Canadian edge servers

It is good to know that Amazon AWS service adds new edge locations in Montreal and Toronto for Cloudfront. I hope it will be soon to have a new edge in Canada West, such as Vancouver.

cf_toronto_2

Amazon CloudFront adds new edge locations in Montreal and Toronto, our first in Canada

We are pleased to announce the launch of our newest edge locations in Toronto and Montreal, our first edge locations in Canada. Adding locations in Canada has been frequently requested by our customers so we are excited to add these two locations to our global network. If you’re already using Amazon CloudFront, you don’t need to do anything to your applications as requests are automatically routed to these locations when appropriate.

These new edge locations help improve performance and availability to end users of your applications and support all Amazon CloudFront features at no additional cost. Pricing for the new edge locations in Canada is the same as that in the US.

We have also added a second edge location in Sao Paolo, Brazil, our third edge location in Brazil. With the addition of the new locations in Canada and the second edge location in Sao Paolo, Amazon CloudFront now has a total of 59 edge locations worldwide. To see a list of all Amazon CloudFront global edge locations, please see our edge location list. To learn more about the service, attend a monthly office hour session that includes Q&A with Amazon CloudFront Engineers and Product Managers. Visit Amazon CloudFront for more information and register for the next office hour.

Continue reading “Amazon CloudFront adds Canadian edge servers”

5 Free SSL Tools You Must Try in 2016

It is 2016, your website must be SSL encrypted. Now, you have questions, how about my server and how about my SSL installation? This is the answer to this question. You must try these five free tools to test, check, analyse your https website.

No.1 SSLShopper

It is an SSL checker. Enter server hostname and click check SSL button. It will give you the brief results, including server type, certificate CA, expiration day, etc.

sslshopper

LINK:  https://www.sslshopper.com/ssl-checker.html

No.2 Symantec CryptoReport

It is a powerful tool with good design. The result is more and it is the only one can tell you how many certificates installed. Look at below, the report said, I have RSA and ECC certificates installed.  The report

The report has following information:

  • Certificate is installed correctly.
  • Certificate chain installation part.
  • Server configuration:(Server type, IP, Port, Protocols, Cipher suites, etc.)

symantecLINK: https://cryptoreport.websecurity.symantec.com/checker/

Continue reading “5 Free SSL Tools You Must Try in 2016”

Add my Blog to HSTS preload list

Now my Blog, David Yin Blog is https encrypted . And it is also HSTS enabled. And latest, it is HSTS preload enabled.

It has three layers meaning.

  1. https support.
  2. HSTS enabled.
  3. HSTS preload enabled.

Let me explain them one by one.

First, add https support. I did this step on Feb. 2016, when I announced that SSL added. I recorded how I get the SSL certificate and install it on Nginx web server.

After that, all content send back and force from my Blog to an audience is encrypted. Even ISP can not read the content from the data traffic.

comodo-positive ssl-certificate

Second, I add the HSTS into the Nginx configuration, to make it more secure.

What is HSTS?

HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,[1] and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797

Continue reading “Add my Blog to HSTS preload list”

How to make the SSL site 100 in all four fields of SSLLAB Server Test

Now, a lot of web site are going to add SSL for security purpose.

Just like my site here, the SSL Report is as below.

ssl-report-yinfor

It is A+. The score is great. When I look at it close. There are four parts. Three of them are not 100%.

Can I make it all 100?

I use one test site to do my research and try to make it 100.

OK. Let me show you why and how to do it.

Continue reading “How to make the SSL site 100 in all four fields of SSLLAB Server Test”

SSL added

To provide higher security and better privacy protection, I added SSL certificate on my Blog, here.

When you enter the url of my blog: http:///www.yinfor.com/, it will redirect you to the SSL version, https://www.yinfor.com/

The certificate is purchased from gogetssl.com , three years certificate of Comodo PositiveSSL.

The latest price is $13.15/3years.

comodo_secure_100x85_white

Look at the comodo secure lock, it is a site seal.

Continue reading “SSL added”

City of Burnaby Web Site SSL issue was fixed

When I wrote my last post about the SSL issue of Burnaby City Website, I made a tweet and @cityofburnaby. They replied me on second day.

The official account of CityofBurnaby said the information has been forwarded to their IT team for review.

burnaby city site SSL issue

I thought my job is done. As a residence of Burnaby, I just have duty to help our city be noticed the issue.

Two days after that, @cityofburnaby send me another notice and said their IT team has applied the needed fix. The error is now resolved for Chrome browser on cell phones.

cityofburnaby SSL issue fixed

Continue reading “City of Burnaby Web Site SSL issue was fixed”

Web site of Burnaby City has SSL error

It is an error. When I enter the url of Burnaby City hall at Chrome browser on my cellphone, it displayed with error.

Red crossing line on the https. It said Your connection is not private. Attackers might be trying to steal your information from www.burnaby.ca.

NET::ERR_CERT_AUTHORITY_INVALID

2015-12-21 16.18.52

It is OK when I browse the site on desktop. It looks normal.

I use SSLLABS server tool to check the certificate installation.

The report said it has a certificate chain issues: missing intermediate certificate. Continue reading “Web site of Burnaby City has SSL error”

  • Archives