Explains how to install and configure Apache with the mod_md module to secure traffic with a free Let's Encrypt TLS/SSL certificate on Ubuntu 20.04 LTS Linux.
One of the things that really got me on board with NodeJS was the idea that I didn’t need a host container for it. Building a web app just means including a library that listens for HTTP requests on a port and responds. No more Apache! One less thing to worry about that isn’t my app!
And then it starts getting complicated.
For a start, port 80 is a privileged port, so when you try to launch the app to test or develop on your own machine you need to do so with sudo. That’s a little annoying, but you could default to port 80 & allow an override. But now you are adding more code to work around it.
And what about SSL? If you are going to use SSL in production (and you should) then your code is going to have to know about that too and read the certs and set that up. And that’s even more annoying for development, anyone working on your code is going to have to create their own certs just to launch your app. Unless you code in more workarounds.
So that’s suddenly a lot of code you are maintaining which might create its own problems.
The alternative … use a webserver as a proxy for your app in production. It doesn’t have to be Apache, you could use Nginx for example. I use Apache because I’m reasonably familiar with it.
Let's say you want http://www.example.com/secure/ to always be sent over SSL (I presume here that both the normal and the SSL vhost have the same content). You could do this by linking to the correct page from within your HTML pages... but there will always be some user who will sneak by it that way.
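# NameVirtualHost is only needed on Apache 2.2; it is a deprecated no-op in 2.4
NameVirtualHost *:80
# Plain-HTTP vhost: serves no content, only redirects to the HTTPS host
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://secure.example.com/
</VirtualHost>
# HTTPS vhost that serves the actual content
<VirtualHost _default_:443>
    ServerName secure.example.com
    DocumentRoot /usr/local/apache2/htdocs
    SSLEngine On
    # etc...
</VirtualHost>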
You want to force people coming to your site to use HTTPS. Either for the entire site or a small sub-section of it.
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
Automatically enable HTTPS on your website with EFF's Certbot, deploying Let's Encrypt certificates.
Let’s Encrypt is a free, automated, and open certificate authority utilizing the ACME protocol.
The official client is called Certbot, which lets you request valid X.509 certificates straight from the command line.
The web is (in 2015) a place where security is increasingly essential, and always under threat. It is also a space which needs to be consistent, logical, and user-serving. There follow some thoughts following many recent discussions of "HTTPS Everywhere" and points west.
The aim of CAcert is to promote computer security through cryptography by raising awareness and through education, in particular by making cryptographic certificates available. These certificates can be used to encrypt and digitally sign e-mail, to authenticate and authorize users connecting to websites, and to secure data transmission over the internet. Any application that supports the "Secure Socket Layer" protocol (SSL or TLS) can use certificates signed by CAcert, as can any application that uses X.509 certificates, for example for encryption, code signing or document signing.