Enable SSL for your WordPress blog

Updated: 11/18/16

The Let’s Encrypt client was recently renamed to “certbot”.  I have updated the post to use the correct name but if I miss something use certbot or let me know.

With the announcement of the public beta of the Let’s Encrypt project, it is now nearly trivial to get your site set up with an SSL certificate.  One of the best parts about the Let’s Encrypt project is that it is totally free, so there is pretty much no reason not to protect your blog with an SSL certificate.  The other nice part of Let’s Encrypt is that it is very easy to get your certificate issued.

The first step to get started is grabbing the latest source code from GitHub for the project.  Log on to your WordPress server (I’m running Ubuntu) and clone the repo.  Make sure to install git if you haven’t already.

git clone https://github.com/letsencrypt/certbot.git

There is a shell script you can run that does pretty much everything for you, including installing any packages and libraries it needs and configuring the paths and other components it needs to work.

cd certbot
./certbot-auto

After the bootstrap is done there should be some CLI options.  Run the command with the -h flag to print out help.

./certbot-auto -h

Since I am using Apache for my blog I will use the “--apache” option.

./certbot-auto --apache

There will be some prompts you need to go through for setting up the certificates and account creation.

This process is still somewhat error prone, so if you make a typo you can just rerun the “./certbot-auto” command and follow the prompts.

The certificates will be dropped in to /etc/letsencrypt/live/<website>.  Go double check them if needed.

This process will also generate a new Apache configuration file for you to use.  You can check for the file in /etc/apache2/sites-enabled.  The important part of this config should look similar to the following:

<VirtualHost *:443>
  UseCanonicalName Off
  ServerAdmin webmaster@localhost
  DocumentRoot /var/www/wordpress
  SSLCertificateFile /etc/letsencrypt/live/thepracticalsysadmin.com/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/thepracticalsysadmin.com/privkey.pem
  Include /etc/letsencrypt/options-ssl-apache.conf
  SSLCertificateChainFile /etc/letsencrypt/live/thepracticalsysadmin.com/chain.pem
</VirtualHost>

As a side note, you will probably want to redirect non https requests to use the encrypted connection.  This is easy enough to do, just go find your .htaccess file (mine was in /var/www/wordpress/.htaccess) and add the following rules.

<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{SERVER_PORT} 80
  RewriteRule ^(.*)$ https://example.com/$1 [R,L]
</IfModule>

Before we restart Apache with the new configuration let’s run a quick configtest to make sure it all works as expected.

apachectl configtest

If everything looks okay in the configtest then you can reload or restart apache.

service apache2 restart

Now when you visit your site you should get the nice shiny green lock icon on the address bar.  It is important to remember that the certificates issued by the Let’s Encrypt project are valid for 90 days so you will need to make sure to keep up to date and generate new certificates every so often.  The Let’s Encrypt folks are working on automating this process but for now you will need to manually generate new certificates and reload your web server.

That’s it.  Your site should now be functioning with SSL.

Updating the certificate automatically

To take this process one step further, we can make a script that can be run via cron (or manually) to update the certificate.

Here’s what the script looks like.

#!/usr/bin/env bash

dir="/etc/letsencrypt/live/example.com"
acme_server="https://acme-v01.api.letsencrypt.org/directory"
domain="example.com"
https="--standalone-supported-challenges tls-sni-01"

# Using webroot method
#/root/letsencrypt/certbot-auto --renew certonly --server $acme_server -a webroot --webroot-path=$dir -d $domain --agree-tos

# Using standalone method
service apache2 stop
# Previously you had to specify options to renew the cert but this has been deprecated
#/root/letsencrypt/certbot-auto --renew certonly --standalone $https -d $domain --agree-tos
# In newer versions you can just use the renew command
/root/letsencrypt/certbot-auto renew --quiet
service apache2 start

Notice that I have the “webroot” method commented out.  I run a service (Varnish) on port 80 that proxies traffic but also interferes with LE, so I chose to run the standalone renewal method.  It is pretty easy; the main difference is that you need to turn off Apache before you run it since Apache binds to ports 80/443.  But the downtime is okay in my case.

I chose to put the script in to a cron job and have it run every 45 days so that I don’t have to worry about logging on to my server to regenerate the certificate.  Here’s what a sample crontab for this job might look like.

0 0 */45 * * /root/renew_cert.sh
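
The standalone method above stops Apache on every run, whether or not a renewal is due. The following added example (not the original script from this post) reads the certificate's expiry date first and only stops Apache when fewer than an assumed 30 days remain; the function names and the threshold are assumptions, the paths follow the script above.

```bash
#!/usr/bin/env bash
# Added example, not the post's script: stop Apache only when a renewal is due.
# cert path and certbot-auto path follow the post; threshold_days is assumed.

cert="/etc/letsencrypt/live/example.com/cert.pem"
threshold_days=30

# days_left "<notAfter=... line>" [now_epoch]
# Input is the output of `openssl x509 -enddate -noout`. Prints whole days
# until expiry (zero or negative once expired). Needs GNU date for -d.
days_left() (
    not_after=${1#notAfter=}
    now=${2:-$(date +%s)}
    end=$(date -u -d "$not_after" +%s 2>/dev/null) || exit 2
    echo $(( (end - now) / 86400 ))
)

# needs_renewal "<notAfter=... line>" <threshold_days> [now_epoch]
# Returns 0 when fewer than <threshold_days> days remain. An unparsable date
# also returns 0, so a broken check leads to a renewal attempt, not a skip.
needs_renewal() (
    left=$(days_left "$1" "${3:-}") || exit 0
    [ "$left" -lt "$2" ]
)

renew_if_due() {
    enddate=$(openssl x509 -enddate -noout -in "$cert") || enddate="unreadable"
    if needs_renewal "$enddate" "$threshold_days"; then
        service apache2 stop
        /root/letsencrypt/certbot-auto renew --quiet
        rc=$?
        service apache2 start   # bring Apache back even if the renewal failed
        return "$rc"
    fi
    echo "certificate valid for $(days_left "$enddate") more days, nothing to do"
}

# Only touch the system when asked to: ./renew_cert.sh --run
if [ "${1:-}" = "--run" ]; then
    renew_if_due
fi
```

Because the check does nothing until the threshold is reached, it can be scheduled daily. Cron's day-of-month field only spans 1-31, so a `*/45` step in that field cannot produce a 45-day interval.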

This is a straightforward process and will help with your search engine juices as well.

Set up SSL for Rancher Server

One issue you will probably run across if you start to use Rancher to manage your Docker containers is that it doesn’t serve pages over an encrypted connection by default.  If you are looking to put Rancher in to a production scenario, it is a good idea to serve encrypted pages.  HA is another topic, but at this point I have not attempted to set it up yet because it is a much more complicated process currently.  The Rancher folks are working on making HA easier in the near future (if you know an easy way to do it I would love to hear about it).  I would argue though that if you can set up SSL for your Rancher server you are over half way to a full production set up.

The process of getting Rancher to proxy through an encrypted connection is straightforward, assuming you already have some certs to use.  If you don’t already have any official certificates issued *I think* you should be okay with self signed certs, but you won’t get that green lock that everybody loves.  Definitely if you are just testing this set up you should be fine to start out with some self signed certs.  Here is a reference for creating some certs for Nginx to test with.
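
A throwaway certificate for testing this setup can be created and checked as follows. This is an added example, not part of the original post; the host name test.com and the .crt/.key file names match the Nginx config used on this page, while the function names, the 30-day lifetime and the key size are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the post: self-signed test certificate for the proxy.
# test.com and the .crt/.key names follow the post's Nginx config; the
# 30-day lifetime and RSA 2048 key are assumptions.

# make_test_cert <dir> <hostname>
# Writes <dir>/<hostname>.key and <dir>/<hostname>.crt (needs OpenSSL 1.1.1+).
make_test_cert() (
    umask 077   # keep the private key unreadable for group and others
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
)

# cert_matches_key <crt> <key>
# Returns 0 when certificate and private key carry the same public key.
# Nginx refuses to start on a mismatch, so check before mounting the files.
cert_matches_key() (
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || exit 2
    key_pub=$(openssl pkey -in "$2" -pubout) || exit 2
    [ "$crt_pub" = "$key_pub" ]
)

# cert_covers_host <crt> <hostname>
# Returns 0 when the certificate is valid for the name used in server_name.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# Only write files when asked to: ./make_cert.sh --run [dir] [hostname]
if [ "${1:-}" = "--run" ]; then
    dir=${2:-/etc/rancher} host=${3:-test.com}
    make_test_cert "$dir" "$host" &&
    cert_matches_key "$dir/$host.crt" "$dir/$host.key" &&
    cert_covers_host "$dir/$host.crt" "$host" &&
    echo "wrote $dir/$host.crt and $dir/$host.key"
fi
```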

Another important thing to be aware of is that these instructions are specific to the Nginx method outlined above.  I have not tried the Apache method, though I would guess it should be very easy to adapt.

Take a look at the Rancher docs as a starting point; they are very good and will get you most of the way there.  However, when I went through this process there were a few pieces of information that I had to piece together myself, which is the bulk of what I will be sharing today.

The first step is to adapt the configuration in the docs in to a full Nginx config that can be dropped in to the official Nginx image from Dockerhub.  Here is the config I used.

upstream rancher {
    server rancher-server:8080;
}

server {
    listen 443 ssl;
    server_name test.com;
    ssl_certificate /etc/rancher/test.com.crt;
    ssl_certificate_key /etc/rancher/test.com.key;

    access_log /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://rancher;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # This allows the ability for the execute shell window to remain open for up to 15 minutes. Without this parameter, the default is 1 minute and will automatically close.
        proxy_read_timeout 900s;
    }
}

server {
    listen 80;
    server_name test.com;
    return 301 https://$server_name$request_uri;
}

There are a few important things to note about this config.  One is that the server inside the upstream block must use the same name as the Rancher server container, in this case rancher-server.

Note that I have used test.com as the server name and so the certs and names are all reflective of that value.  Obviously that will need to be updated with your own values.

Finally, we have added an additional logging section to the config that will pipe the logs to stdout/stderr so we can easily look at the requests from the host OS via the “docker logs” command.

To get the following Docker run command to work correctly you will want to create a directory called /etc/rancher or something easy to remember, and place this config (named as rancher-nginx.conf), along with the certs you have created in to this location.  Alternately you can modify the Docker run command and simply have the volume mounts pointed at the location you store the configuration and certs.  For me, it makes the most sense to group these items together in /etc/rancher.

docker run -d --restart=always --name nginx \
    -v /etc/rancher/rancher-nginx.conf:/etc/nginx/conf.d/default.conf \
    -v /etc/rancher/test.com.crt:/etc/rancher/test.com.crt \
    -v /etc/rancher/test.com.key:/etc/rancher/test.com.key \
    -p 80:80 -p 443:443 --link=rancher-server nginx

This will mount in the correct configuration and certificates to the Nginx docker container, expose port 80 and 443 for web traffic (make sure to adjust any firewall rules you need to get traffic to pass through these ports), and link to the rancher-server container so that the traffic can be proxied.

Additionally, you will need to update any reference to the old address that was using http://<rancher-name>:8080/ to point to https://<rancher-name>/.  Namely the host registration configuration in the Rancher server, but if you were relying on any other outside tools to hit that endpoint they will also need to be updated to use https instead.
