nekochan.net over ssl (https)?

Opinions, ideas and thoughts about Nekochan Net.
User avatar
toxygen
Posts: 318
Joined: Sat Jul 07, 2007 2:19 am
Location: Slovakia
Contact:

nekochan.net over ssl (https)?

Unread postby toxygen » Wed May 14, 2008 10:03 am

hello (neko),
i would like to ask whether it would be a problem to make apache run with mod_ssl module?
it would be nice (at least for me) to log onto nekochan over encrypted channel.
I know there is nothing confidential, nor nothing to hide, but still, i think it is good habit to encrypt and it will make some of users little bit happier...


"A popular response is: ``If you have nothing to hide, you have nothing to fear.`` [...] The truth is that we all do have something to hide, not because it's criminal or even shameful, but simply because it's private.''
--George Radwanski, Privacy Commissioner of Canada.
:Indigo2IMP: :Octane: This post was typed using dvorak keyboard layout - http://www.dvzine.org

User avatar
nekonoko
Site Admin
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Re: nekochan.net over ssl (https)?

Unread postby nekonoko » Wed May 14, 2008 11:17 am

Looks like a lot of work to set up; ideally you'd want a signed CA which costs $$$ ($300 to $500 for a year). Since I don't sell anything on this site it's not worthwhile to me.
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

User avatar
toxygen
Posts: 318
Joined: Sat Jul 07, 2007 2:19 am
Location: Slovakia
Contact:

Re: nekochan.net over ssl (https)?

Unread postby toxygen » Wed May 14, 2008 12:14 pm

nekonoko wrote:Looks like a lot of work to set up; ideally you'd want a signed CA which costs $$$ ($300 to $500 for a year). Since I don't sell anything on this site it's not worthwhile to me.


and going with self signed certs or cacert.org (which is down currently :?: ) ?
:Indigo2IMP: :Octane: This post was typed using dvorak keyboard layout - http://www.dvzine.org

User avatar
nekonoko
Site Admin
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Re: nekochan.net over ssl (https)?

Unread postby nekonoko » Wed May 14, 2008 12:17 pm

It's not worth the time/trouble for me, sorry.
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

User avatar
toxygen
Posts: 318
Joined: Sat Jul 07, 2007 2:19 am
Location: Slovakia
Contact:

Re: nekochan.net over ssl (https)?

Unread postby toxygen » Wed May 14, 2008 2:21 pm

nekonoko wrote:It's not worth the time/trouble for me, sorry.


I don't want to be malapert, but what's the trouble with self-signed certificate and enabling mod_ssl in apache?

Code: Select all

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr

openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

cp server.key /etc/apache2/ssl
cp server.crt /etc/apache2/ssl
[or wherever you have apache2 config files]

[httpd.conf]
ServerName xxx.xxx.xxx.xxx:443
Listen xxx.xxx.xxx.xxx:443

LoadModule ssl_module modules/mod_ssl.so

SSLEngine on
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key

[sites config]
NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot "/var/www-ssl/html"


though, i don't want to push you. if you don't like the idea, nevermind this post...
:Indigo2IMP: :Octane: This post was typed using dvorak keyboard layout - http://www.dvzine.org

User avatar
nekonoko
Site Admin
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Re: nekochan.net over ssl (https)?

Unread postby nekonoko » Wed May 14, 2008 2:50 pm

toxygen wrote:
nekonoko wrote:It's not worth the time/trouble for me, sorry.


I don't want to be malapert, but what's the trouble with self-signed certificate and enabling mod_ssl in apache?


Well let me make it clearer for you then - pay me for my time and we'll talk :)
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.

User avatar
toxygen
Posts: 318
Joined: Sat Jul 07, 2007 2:19 am
Location: Slovakia
Contact:

Re: nekochan.net over ssl (https)?

Unread postby toxygen » Wed May 14, 2008 3:11 pm

nekonoko wrote:
toxygen wrote:
nekonoko wrote:It's not worth the time/trouble for me, sorry.


I don't want to be malapert, but what's the trouble with self-signed certificate and enabling mod_ssl in apache?


Well let me make it clearer for you then - pay me for my time and we'll talk :)


hey come on, who pays you for nekochan? :D
:Indigo2IMP: :Octane: This post was typed using dvorak keyboard layout - http://www.dvzine.org

User avatar
voidfoo
Posts: 474
Joined: Sat May 17, 2003 2:01 pm
Location: Seattle

Re: nekochan.net over ssl (https)?

Unread postby voidfoo » Wed May 14, 2008 3:35 pm

I am not sure about the benefits of a secure channel but I guess it will cause some overhead for the server.
:Indigo2IMP: :Octane: :O2: :O2: :O2: :Octane2:

User avatar
japes
Donor
Donor
Posts: 1006
Joined: Thu Nov 08, 2007 4:35 pm
Location: Lynnwood, WA

Re: nekochan.net over ssl (https)?

Unread postby japes » Wed May 14, 2008 9:02 pm

voidfoo wrote:I am not sure about the benefits of a secure channel but I guess it will cause some overhead for the server.


The overhead can be significant.

I don't see any reason to encrypt the transmission for a web forum. Perhaps for a login screen, but come on, get yourself a disposable password and carry on. Encrypting would brake other useful things, like local proxy servers and compression along slow links.

I'm going to guess perhaps the reason for wanting https is to steer around a filtering proxy (in my case they force https through the same proxy at work so that doesn't help). If that is the case perhaps you need to come up with another solution, one that scales to include the next site you need to get at.

I'd rather neko spends his time doing what he pleases (or coming up with his blog redesign) instead of solving a problem that doesn't exist.
:O3000: :Fuel: :Tezro: :Tezro: :Octane2: :Octane: :Octane: :Indigo: :Indigo: :Indigo: :Indigo: :O2: :1600SW: :O2: :1600SW: :1600SW: :Indigo2: :Indigo2: :Indigo2: :Indigo2: :Indigo2IMP: :Indy: :Indy: :Indy: :Indy: :O3x0: :O3x02L: :O3x02L:

User avatar
toxygen
Posts: 318
Joined: Sat Jul 07, 2007 2:19 am
Location: Slovakia
Contact:

Re: nekochan.net over ssl (https)?

Unread postby toxygen » Wed May 14, 2008 10:52 pm

I'm going to guess perhaps the reason for wanting https is to steer around a filtering proxy (in my case they force https through the same proxy at work so that doesn't help). If that is the case perhaps you need to come up with another solution, one that scales to include the next site you need to get at.


you're completely wrong. it has nothing to do with proxy or whatever you meant.
it's just security.

overhead... as you think, for sure it will not bring the server to knees.

as i said, it was only suggestion, neko said no, so nothing more to discuss here
:Indigo2IMP: :Octane: This post was typed using dvorak keyboard layout - http://www.dvzine.org

User avatar
nekonoko
Site Admin
Site Admin
Posts: 8145
Joined: Thu Jan 23, 2003 1:31 am
Location: Pleasanton, California
Contact:

Re: nekochan.net over ssl (https)?

Unread postby nekonoko » Thu May 15, 2008 11:17 am

japes wrote:(or coming up with his blog redesign)


The way things have been going lately I may be forced to hire someone to redo it :D
Twitter: @neko_no_ko
IRIX Release 4.0.5 IP12 Version 06151813 System V
Copyright 1987-1992 Silicon Graphics, Inc.
All Rights Reserved.


Return to “Nekochan Net”

Who is online

Users browsing this forum: No registered users and 2 guests