#https on cohost

linicks @linicks9/8/2024, 9:59 PM

lol, lmao

So I'm banging my head against the keyboard trying to work through this tutorial on using cert-manager with Let's Encrypt CA on Google Kubernetes Engine. I am not a good tutorial reader. I will immediately try to rework the example for my own scenario rather than complete it as intended.

I had successfully deployed Plausible Community Edition just fine on my local cluster months ago. But for some reason things were buggy now on GKE.

The first culprit was HSTS. Both Chrome and Firefox were forcing me into HTTPS¹. It turns out that I couldn't use Chrome at all because all .dev domains are forced into HSTS in Chrome. It also took me longer than I wanted to realize that I had to close out Firefox completely after resetting HSTS. 😒

And after all that, I run into a breaking bug in one of Plausible's dependencies! Thankfully, it seems that a fix that was merged literally as I sat down to write this post.

I wanted to access the application without HTTPS before adding that part, as per the tutorial.

#web dev #plausible analytics #kubernetes #https

Jessica @ticky1/15/2024, 8:21 PM

ashamed to say it took me a really long time but I finally figured out why http was broken on my VPS; one of my server configs had an errant http2 parameter set on port 80, which breaks all http servers on port 80. tbh I think nginx should probably reject this kind of (mis)configuration outright

https://serverfault.com/a/1041736

#nginx #server #web hosting #http2 #http #https #http server

Aaron Gable @asg9/22/2023, 9:21 PM

plain HTTP is unsafe -- every website needs HTTPS

I had a discussion on here a few weeks ago where people were saying that requiring HTTPs everywhere is not only unnecessary, but actively hurtful because it makes old sites (that "haven't needed updates in years") inaccessible.

This is why that argument, while true, will never be enough to convince me:

when Eltantawy visited certain websites not using HTTPS, a device installed at the border of Vodafone Egypt’s network automatically redirected him to a malicious website

When you visit a website over plain HTTP, you can be silently served malicious payloads by network interceptors. When you visit a website over HTTPS but allow yourself to be downgraded to plain HTTP, the same is true. When a website allows its visitors to be downgraded to plain HTTP, the same is true. Make all of your websites HTTPS-only. Make all of your browsers requires HTTPS-always. It's critical for the privacy and security of both high-profile targets and normal people everywhere.

https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-presidential-ambitions/

#security #Privacy #tls #ssl #https #webpki #god i wish there were fewer names for this

Μάρκος @postgarf4/19/2023, 1:25 PM

i wish someone would make an HTTPS thing for FreeDOS or DOS/Arachne. that shit would go hard as fuck

#DOS #ms-dos #arachne #https #idk lol