From 9ac239018d1ea125cbd9aa91a53da455120a88c9 Mon Sep 17 00:00:00 2001 From: James Ravenscroft Date: Sat, 8 Jan 2022 14:38:53 +0000 Subject: [PATCH] typo --- .../content/posts/2022/01/08-01-replace-nginx-caddy/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/brainsteam/content/posts/2022/01/08-01-replace-nginx-caddy/index.md b/brainsteam/content/posts/2022/01/08-01-replace-nginx-caddy/index.md index be069e0..20415de 100644 --- a/brainsteam/content/posts/2022/01/08-01-replace-nginx-caddy/index.md +++ b/brainsteam/content/posts/2022/01/08-01-replace-nginx-caddy/index.md @@ -22,7 +22,7 @@ Over the last 15+ years I've worked with a bunch of different web servers from A ### SSL Configuration is annoying -I self-host a bunch of applications and up to now I've typically run them in docker and used [nginx](https://www.nginx.com/) to listen for incoming traffic to different domains and subdomains and forward traffic to the right container. This wasn't too painful until the internet community (quite rightly) decided that we should SSL/TLS encrypt all traffic and [LetsEncrypt](https://letsencrypt.org/) made that trend easy by giving out free signed SSL certificates to all (10+ years ago it was pretty common that you'd pay an oligarchy of big companies to sign your SSL cert). I wouldn't say configuring SSL in nginx is a tremendous PITA but it's certainly not fool proof. I'm a fully qualified fool and I've broken it many times. +I self-host a bunch of applications and up to now I've typically run them in docker and used [nginx](https://www.nginx.com/) to listen for incoming traffic to different domains and subdomains and forward traffic to the right container. This wasn't too painful because I was running on HTTP with no SSL until the internet community (quite rightly) decided that we should SSL/TLS encrypt all traffic and [LetsEncrypt](https://letsencrypt.org/) made that trend easy by giving out free signed SSL certificates to all (10+ years ago it was pretty common that you'd pay an oligarchy of big companies to sign your SSL cert). I wouldn't say configuring SSL in nginx is a tremendous PITA but it's certainly not fool proof. I'm a fully qualified fool and I've broken it many times. This process certainly got easier with [Certbot](https://certbot.eff.org/) which automatically configures your nginx certificates for you and can be run in a cron job to renew your certs on the regular but certbot [dropped support for my OS](https://community.letsencrypt.org/t/your-system-is-not-supported-by-certbot-auto-anymore/139606/4) a couple of years ago and require use of [snap](https://snapcraft.io/docs/installing-snapd) packages which until very recently have been broken on my server due to weirdness when I upgraded from an old version of Debian (I understand [their reasoning](https://community.letsencrypt.org/t/certbot-auto-no-longer-works-on-debian-based-systems/139702/7) although it is obviously a tad frustrating).