Merlins-Bar gets Encryption!
15/05/18(Tue)23:01


I've added support for HTTPS SSL Encryption to this test site. To access the secure version simply use https://test.merlins-bar.com
You will likely get an warning that the certificate is self-signed and so you will have to trust it manually. Once you have trusted the certificate it will be good for 3 years and the site will be accessible securely. I might look at getting a full CA (Certificate Authority) SSL certificate but it depends how much it costs.

  • Supported file types are: GIF, JPG, PNG
  • Maximum file size allowed is 8000 KB.
  • Images greater than 200x200 pixels will be thumbnailed.
Subject (Optional)
Comment
File (Optional)
Submit

23/09/19(Mon)14:21

Yeah, will do that. Thanks anyway.

21/09/19(Sat)11:51

I don't know the answer here as I'm not familiar with synology devices. I would think synology know what they are doing, they have a very good reputation.
I would think the best place to find out would be on a synology forum.

20/09/19(Fri)21:19
914.4
(914.4 Kb, 499x269)
Fucky indeed

Old thread, new question.

I recently had an issue with my NAS which meant I couldn't access it anymore. Luckily I made backups so it wasn't that painful.
So after a fresh build I noticed the NAS has an EXCLAMATION MARK on the lock in the address bar, which is due to the Synology certification. Shit's not safe, yo.
And on external networks it doesn't display the name rather the IP-address. Is this because of the SSL certificate?

Now my question is can I just get a Let's Encrypt certificate for my NAS?

01/06/18(Fri)16:36

Seeing as the GoDaddy server gives us only 21% I think we can be very happy :)

01/06/18(Fri)13:05
1634.0
(1634.0 Kb, 200x129)
Let's celebrate!

From 49 to 55% WOOHOO!

https://en.internet.nl/site/test.merlins-bar.com/294923/

31/05/18(Thu)13:36

HSTS is now supported.

Redirecting from HTTP to HTTPS is fixed.

IPv6 is not possible until my ISP support it. I tried using an IPv6 tunnel but it didn't work correctly and caused problems with other things.

I set up DNSSEC on my server but godaddy want me to pay them £3.60 a month to enable it. Fuck that! I'll look a little further in to it at some point in case there is a workaround, but it's not super important for a site like this.

22/05/18(Tue)13:00

""Your domain is not signed with a valid signature." Yes it is, at least to Firefox and "ahem" Edge it is. Comodo approved, and yours by Let's Encrypt."

It's looking for a security certificate to show the site address is being hijacked to point to another website. I'm looking in to it. I think I can do it without too much trouble.

""Your website is not reachable for visitors using a modern internet address" Really? IPv6 is not backward compatible with IPv4?"

IPv6 doesn't automatically redirect to IPv4, it has to be setup somewhere, my router does support it. My ISP doesn't offer IPv6 but I can setup a IPv6 tunnel that will point to router. I'll look in to the details at some point. It's not very important though. To be honest the IPv6 thing is a mess! XD

""Your web server does not enforce HTTPS." I have that option turned on in my server yet the site still says it's not forced?"

I can't force HTTPS until I switch the main site to my server.

""Your web server does not offer an HSTS policy." Well, it also doesn't offer ice cream. Never heard of HSTS though. You?"

This is a security thing and I'm looking in to it.

""Your web server supports HTTP compression.." I've seen the option but I don't have that turned on."

Most web servers use compression to save a bit of bandwidth. I'm still not sure of the best way to handle this, but I can always just turn it off. I don't think it's a big problem.

""Your website domain does not contain a TLSA record for DANE." I don't think we need this. "

I'm looking in to this, it's another security thing that might be a good idea.


I'm pretty happy with the security we already have but I'm always happy to make it better :D

22/05/18(Tue)11:14

I do wonder about this;

"Your domain is not signed with a valid signature." Yes it is, at least to Firefox and "ahem" Edge it is. Comodo approved, and yours by Let's Encrypt.

"Your website is not reachable for visitors using a modern internet address" Really? IPv6 is not backward compatible with IPv4?

"Your web server does not enforce HTTPS." I have that option turned on in my server yet the site still says it's not forced?
"Your web server does not offer an HSTS policy." Well, it also doesn't offer ice cream. Never heard of HSTS though. You?
"Your web server supports HTTP compression.." I've seen the option but I don't have that turned on.

"Your website domain does not contain a TLSA record for DANE." I don't think we need this.

In my opinion I'm (we're) at least 80% secure and our servers too ;)

22/05/18(Tue)09:40

>>34382 Cool, that's pretty interesting. I'll look in to getting a few more percent :D
The www.merlins-bar.com site only scores 21% so we're moving in the right direction :)

22/05/18(Tue)07:50

I just leave this here: https://en.internet.nl/site/test.merlins-bar.com/269741/

16/05/18(Wed)23:35
26.1
(26.1 Kb, 494x300)

ah yeah, I see it now. A nice green lock. I adjusted my bookmarks

16/05/18(Wed)22:18

I think I may not be able get the redirect working until I switch the main merlins-bar.com domain to point to this server. But you can manually use https://test.merlins-bar.com

16/05/18(Wed)21:55

Nope, not fixed yet >:(

16/05/18(Wed)21:52

Looks like the redirect rule didn't get added by the LetsEncrypt script correctly. Should be fixed now.

16/05/18(Wed)19:40
33.0
(33.0 Kb, 500x319)

>>34347 mmm... It's still listed as not secure on my side.

16/05/18(Wed)13:50

>>34344 test.merlins-bar.com now has a CA certificate, through letsencrypt.org, and should automatically redirect to the HTTPS protocol.

16/05/18(Wed)11:18

oh good it works again. You saw the error I mailed you?

I found some sites:
https://letsencrypt.org/
https://www.xolphin.com/ssl/certificates?cur=EUR#DV_Default_1

16/05/18(Wed)11:16

test