Long overdue, I finally enabled TLS on this blog. It went almost like a breeze.
I just had a few issues:
- I had some hard-coded http:// links in my WordPress theme that needed changes,
- Since my WordPress instance is reverse-proxied and the real server is not behind HTTPS, I had to adjust the WordPress configuration so that it doesn’t do an infinite redirect loop,
- Nginx’s config for multiple virtualhosts needs SSL configuration to be repeated. Fortunately, one can use
- Contrary to the suggested configuration, setting ssl_session_tickets off; makes browsers unhappy (at least, it made my Firefox unhappy, with a
I’m glad that there are tools helping to get a proper configuration of SSL. It is sad, though, that the defaults are not better and that we still need to tweak at all. Setting where the certificate and the private key files are should, in 2016, be the only thing to do to have a secure web server.