HTTP to HTTPS

Fri 24 July 2020
Public key (Photo credit: Michael Drummond)

The goal was to migrate from HTTP to HTTPS.

HTTPS overview

The HTTPS protocol relies on TLS (previously SSL) to ensure data integrity (data cannot be modified unnoticed), confidentiality (the requested URL and content are known only to the end points) and authentication (the end points are the ones they claim to be).

TLS (ex-SSL)

TLS is a transport-layer protocol. It uses cryptography to provide its services, which requires keys to be exchanged. I won't go into the details of the shared cryptographic material (cryptographic algorithms, keys, handshakes). The most important point is that the cryptographic material used to authenticate the server can be shared in a publicly available certificate [RFC8446 sec.4.4.2]. The most common type of certificate is known as X.509. The cryptographic material contained in the certificate (mostly the public keys and the associated cryptographic algorithm) is used to initiate the TLS connection (the handshake, described in [RFC8446 sec.4]).

X.509

An X.509 certificate contains material used to authenticate an endpoint. To be valid, the certificate must be part of a certification path (as defined in [RFC5280 sec.3.2]). This implies either a certificate authority or a self-signed certificate.

A self-signed certificate is easy to set up but is not trusted by default by most verification tools. Thus, a self-signed certificate is not suited to a public server.

DevOps corner

To migrate from HTTP to HTTPS, the following steps must be followed:

  1. create an X.509 certificate
  2. get your certificate signed by a certificate authority
  3. publish your newly signed certificate
  4. configure your web server to use it
  5. test your web server works
  6. check that links to your website are still working
  7. add a reminder in your calendar to update your certificate before it expires

Certbot is a tool that automates most of these steps. Let's Encrypt is a non-profit certification authority. It provides certificates that expire after 3 months [1]. Having to renew the certificate every 3 months is not painful, as renewal can also be automated thanks to Certbot.

If run in interactive mode (as suggested by the documentation), Certbot asks multiple questions before modifying the configuration. You can even keep 2 versions of your website: one secured with HTTPS and another one using classic HTTP.

Note that if you have multiple sites running on your server (using virtual hosts), you can select which ones will be migrated to HTTPS.

The first time you run Certbot, it will perform steps 1 to 4. Checking that certificate renewal works by performing a dry run will add a line in a crontab, taking care of step 7.

You still have to perform the tests manually. For example, the Pelican configuration includes a global variable SITEURL that must be updated.
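The manual checks for steps 5 and 7, together with the trust behaviour described in the X.509 section, can be scripted. The following is an added example, not part of the original post or of Certbot; the function names, the 30-day renewal threshold and the sample certificate dictionary are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_BEFORE_DAYS = 30  # assumption: flag for renewal when fewer than 30 days remain


def fetch_certificate(host, port=443, timeout=5.0):
    """Connect using the system trust store and return the validated peer certificate.

    Raises ssl.SSLCertVerificationError when no certification path leads to a
    trusted authority (e.g. a self-signed certificate) or the host name differs.
    """
    context = ssl.create_default_context()  # verifies both the chain and the host name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def days_until_expiry(cert, now=None):
    """Whole days left before the 'notAfter' date of a getpeercert() dictionary."""
    now = now or datetime.now(timezone.utc)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    expires = datetime.fromtimestamp(not_after, tz=timezone.utc)
    return (expires - now).days


def certificate_status(cert, now=None, renew_before=RENEW_BEFORE_DAYS):
    """Classify a certificate as 'ok', 'renew' or 'expired'."""
    left = days_until_expiry(cert, now)
    if left < 0:
        return "expired"
    if left < renew_before:
        return "renew"
    return "ok"


if __name__ == "__main__":
    # Constructed sample in the format returned by getpeercert(); not a real certificate.
    sample = {"notAfter": "Oct 22 12:00:00 2020 GMT"}
    check_date = datetime(2020, 7, 24, 12, 0, tzinfo=timezone.utc)
    print(days_until_expiry(sample, check_date), certificate_status(sample, check_date))
```

Against a live server, pass the result of `fetch_certificate("your.host.name")` to `certificate_status`; a verification error raised at that point means clients using the default trust store will reject the site as well.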


[1] Having short-lived certificates is generally a good idea (you won't have to live with mistakes for long; if compromised, the certificate cannot be abused for long; ...). Yet everything in security is a compromise between a high level of security and usability (otherwise it is not used as expected), and short-lived certificates require frequent renewals.

Category: network security Tagged: Unix Debian tools how to network security


Travis setup

Tue 12 May 2020
One job in continuous integration pipeline (Photo credit: Wikipedia)

The goal is to set up a CI pipeline based on Travis, with external dependencies, integrated with a GitHub repository.

Travis basics

To enable Travis integration in GitHub, one must edit the ./.travis.yml file.

I won't go into detail. The setup is …

Category: how to Tagged: travis ci how to


Wikidata crawling

Sun 26 April 2020
Graph database representation (Photo credit: Wikipedia)

I wish to have reliable data about vehicles. I decided to rely on one large source, namely Wikipedia. I chose it because it is reviewable and most of the time reviewed, and regularly updated and completed.

Wikipedia - Wikidata relationship

Wikidata items are made to …

Category: how to Tagged: python wikipedia wikidata html


Differential equation in python

Sat 04 April 2020
Second order differential equation (Photo credit: Wikipedia)

In Python, differential equations can be solved numerically thanks to scipy [1]. Its usage is not as intuitive as I expected.

Simple equation

Let's start small. The first equation will be really simple:

\begin{equation*} \frac{\partial{f}}{\partial{t}} = a \times f …

Category: maths Tagged: python maths equation


Zombie propagation

Sat 21 March 2020
Zombie favorite food warning (Photo credit: wikipedia)

I recently read a paper [1] trying to model disease propagation. I wanted to play with this model.

The model

The model is known as "SIR" as it divides the population into 3 groups:

  • S: susceptible to become a zombie
  • I: infected …

Category: maths Tagged: python maths zombie


Python virtualenv: quick reference

Sun 21 July 2019
Virtual environment (Photo credit: wikipedia)

To isolate Python developments, I use virtualenv. This allows me to forget about the specific Python version used for each project, avoids interference with the default Python installation and between my projects, is relatively light, and may have other advantages I cannot imagine with my …

Category: programming Tagged: python tools code


C*: Yaw

Mon 01 April 2019
aileron Vertical stabilizer (Photo credit: Wikipedia)

This post is about yaw control. This is also the post for which I did not find many references.

Remember that yaw is the axis controlled by the rudder. The rudder acts as any foil, providing a force dependent on its angle of attack. This …

Category: aviation Tagged: C star Flight dynamics yaw


LaTeX makefile updated

Fri 29 March 2019

My default LaTeX makefile evolved. Here is an update:

The makefile looks like:

LATEX=pdflatex
BIBTEX=bibtex
BIB=
RERUN='(There is undefined reference|Rerun to get (cross-references|the bars) right)'

%.pdf:%.tex
    ${LATEX} $<
    @if [ -e $*.bbl ]; then ${BIBTEX} $* && ${LATEX} $< && ${LATEX} $< ; fi
    @if egrep -q $(RERUN) $*.log ; then ${LATEX} $< ; fi

%.aux …

Category: tools Tagged: GNU LaTeX Makefile Writing how to tools
