Fossil

Check-in [83c902be]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Typo fix
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: 83c902be72fa4609a1cb0b4d831bbb60941ba69d4774e3c835dae57e0f62fa77
User & Date: wyoung 2019-01-21 10:03:40.195
Context
2019-01-21
10:51
Swapped Let's Encrypt's advice for ssl_ciphers in the nginx TLS config for Qualys SSL Labs' advice. ... (check-in: 8f2ec292 user: wyoung tags: trunk)
10:03
Typo fix ... (check-in: 83c902be user: wyoung tags: trunk)
09:45
Linked the new TLS + nginx guide to an nginx blog on enabling HSTS. ... (check-in: 30d577a7 user: wyoung tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to www/tls-nginx.md.
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
As written above, this configuration does nothing other than to tell
nginx that it’s allowed to serve content via HTTP on port 80 as well.

We’ll uncomment the `rewrite` and `return` directives below, when we’re
ready to begin testing.


#### Why the Repitition?

You need to do much the same sort of thing as above for each domain name
hosted by your nginx server.

You might being to wonder, then, why I haven’t factored some of those
directives into the included files `local/tls-common` and
`local/http-certbot-only`. For example, why can’t the second HTTP-only







|







374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
As written above, this configuration does nothing other than to tell
nginx that it’s allowed to serve content via HTTP on port 80 as well.

We’ll uncomment the `rewrite` and `return` directives below, when we’re
ready to begin testing.


#### Why the Repetition?

You need to do much the same sort of thing as above for each domain name
hosted by your nginx server.

You might being to wonder, then, why I haven’t factored some of those
directives into the included files `local/tls-common` and
`local/http-certbot-only`. For example, why can’t the second HTTP-only