Mirror of the Rel4tion website/wiki source, view at <http://rel4tion.org>

[[ 🗃 ^yEzqv rel4tion-wiki ]] :: [📥 Inbox] [📤 Outbox] [🐤 Followers] [🤝 Collaborators] [🛠 Commits]

Clone

HTTPS: git clone https://vervis.peers.community/repos/yEzqv

SSH: git clone USERNAME@vervis.peers.community:yEzqv

Branches

Tags

master :: news /

SSL_Support.mdwn

[[!tag /news]]

Story

Since I launched this website several months ago, Partager and all its servers were not using SSL. I initially intended to be only inside I2P, and I2P does its own encryption and some sort of authentication, which makes SSL unnecessary. However, later I decided to open the servers to clearnet access and that meant plain connections with potentially sensitive information passing unencrypted.

At some point I configured ikiwiki to requires SSL for cookies, in order to avoid this privacy problem. That meant no web logins at all, of course.

It took me a while to get SSL to work. Not because it’s complicated, but because

  1. I was busy with other things and make small slow steps
  2. I was documenting my progress and writing a guide in parallel

Since writing guides is not immediately useful, they get low priority and not writing them while the information is fresh in memory is a big risk. Once I forget and focus on other things, it’s very difficult for me to write a full guide because I don’t really have any experience or knowledge other than this one-time installation process I do with each new server.

Solution: Write the guide in parallel to doing the process itself.

How to Use

I wrote a guide for users of this website and other Partager servers (this includes anyone browsing here who wants to browse with HTTPS), which explains how to tell your computer to trust Partager’s CA certificate (I created a new independent CA, not relying on any centralized CA organization).

The guide is [[here|projects/systems/servers/security/certificates]]. There’s also a more general-purpose guide with a bit more background info but less Partager-specific details [[here|projects/systems/user-guides/ssl]].

Also, there’s a general SSL info page [[here|/ssl]].

How to Make My Server Support SSL Too?

I prepared an [[admin guide|projects/systems/admin-guides/ssl]] for the server admin, and a [[user guide|projects/systems/user-guides/ssl]] the admin can user in order to understand the client side and prepare the files, instructions etc. You can also use the Partager-specific guide linked above as a template.

[See repo JSON]