Venntro Development’s
post
on Twitter
Guide to how to move your site from HTTP to HTTPS
Nice pricing change(s) from @heroku: free SSL beta and dyno hour flexibility https://blog.heroku.com/archives/2016/5/18/announcing_heroku_free_ssl_beta_and_flexible_dyno_hours
Using Heroku for a custom domain with SSL suddenly became much more attractive (and affordable), especially for people running personal #indieweb sites.
securityheaders.io is a handy site for testing whether your website’s server is sending sensible headers. Think of it like SSL Test for a few nitty-gritty details.
Thanks for the reminder. My single-domain certificate was about to expire so I’ve upgraded to a new Comodo wildcard one ready for some secure subdomain projects. It would be great if this auto-renewed but I think I need to manually renew it unfortunately.
I’ve just set up SSL image proxying on my website through camo to make sure any external non-https images are served via https. Camo is a simple HTTP proxy that also encrypts URLs with HMAC to prevent someone piggy-backing off your service.
Read full post…HTTP proxy to simplify routing images through an SSL host
Checks for (weak) SHA-1 certificates
“(using a NameCheap EssentialSSL wildcard certificate on DigitalOcean)”
“This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.”
How to use StartSSL to get a free SSL cert and configure it with nginx
Real-time browser-server communication using WebSockets where available, falling back to Flash sockets where not
Didn’t know this - href=“//myserver.com/image.jpg” maintains the HTTP/HTTPS state. Very handy for checkout pages
HTTP/HTTPS/SSL Monitor/Proxy/Reverse Proxy
Good reasons to avoid subdomains - pricipally wildard SSL certs are expensive and testing is harder