I came across this wonderful post the other day by Robert Nystrom. It outlines the challenges and tasks he had to accomplish in order to publish his book Game Programming Patterns. This is a quote from his post:
This gratuitously, vaingloriously long post is about climbing back down the mountain—all of the stuff required to turn a web site into a book. Remember on Mr. Rogers Neighborhood where they would take a trip to a factory to see how cute little piglets are turned into hotdogs or something charming like that? This is like that, but marginally less incarnadine.
I’ve recently been setting this website up to use SSL. To do so I used a couple of great guides and tools on the internet. I got my SSL certificate for free from StartSSL. I found the guide by Eric Mill invaluable for working through the relatively poor UI that StartSSL has to gain the free certificate.
To start with I received a C grade. I had two things to remedy:
I had SSL3 enabled, which is vulnerable to an attack called POODLE.
I did not have Perfect Forward Secrecy enabled, which prevents back decryption of previous conversations even when an attacker gains access to your private key (which happened with Heartbleed).
To remedy both these elements I needed to set Apache to use the correct SSL protocols and the correct ciphers. More specifically, I had to prioritise the ciphers that I preferred clients to use. By specifying the more secure ciphers first, clients that support them will use Forward Secrecy as a priority.
Using Webmin you can go to Servers -> Apache Webserver -> Global Configuration -> Edit Config files
Comment out the existing SSL config. Change to the following:
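An added example, not the configuration from the original post: a Python check for the two remediations described above (SSLv3 disabled, forward-secrecy ciphers listed first). The sample configs are constructed and the helper names are hypothetical; it also assumes the standard mod_ssl directive `SSLHonorCipherOrder` is what makes the server's cipher order take precedence.

```python
# Constructed sample configs (not from the original post).
WEAK = """\
SSLProtocol all -SSLv2
SSLCipherSuite RC4-SHA:AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256
"""
HARDENED = """\
# SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES128-SHA
"""
FS_PREFIXES = ("ECDHE-", "DHE-")  # ephemeral key exchange => forward secrecy

def directives(conf):
    """Map each active (uncommented) directive to its arguments; last one wins."""
    found = {}
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            found[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return found

def sslv3_enabled(args):
    """Simplified left-to-right model: '-' removes a protocol, anything else adds."""
    enabled = False
    for tok in args.split():
        if tok.lstrip("+-").lower() in ("all", "sslv3"):
            enabled = not tok.startswith("-")
    return enabled

def audit(conf):
    d, findings = directives(conf), []
    # Assumption: a missing SSLProtocol means "all", and "all" includes SSLv3,
    # as on the Apache/OpenSSL builds that POODLE affected.
    if sslv3_enabled(d.get("sslprotocol", "all")):
        findings.append("sslv3-enabled")
    if d.get("sslhonorcipherorder", "off").lower() != "on":
        findings.append("client-picks-cipher")
    # Only explicit colon-separated suite names are understood here, not
    # OpenSSL aliases such as HIGH or !aNULL.
    fs = [s.upper().startswith(FS_PREFIXES) for s in d.get("sslciphersuite", "").split(":")]
    if not any(fs):
        findings.append("no-forward-secrecy-cipher")
    elif fs != sorted(fs, reverse=True):
        findings.append("non-fs-cipher-listed-before-fs")
    return findings

if __name__ == "__main__":
    print("weak:", audit(WEAK), "hardened:", audit(HARDENED))
```

An empty findings list only means these two points pass; re-running the external grading test against the live server remains the real confirmation.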
If you want to install your SSL certificate in VirtualMin, you need to select your virtual server, then go to Server Configuration -> Manage SSL Certificate.
By default VirtualMin will have installed a self-signed certificate, which sadly could be MITMed, which is why we are using the certificate from StartSSL, since they as a Certificate Authority have verified who I am (in the loosest sense of the word, by validating they can send an email to the domain for which I am trying to request a certificate). More expensive certificates require you to prove your actual identity. Even more expensive certificates allow you to have one certificate for multiple subdomains. The whole thing is a racket but I digress.
Back in VirtualMin, we need to install the certificate that StartSSL has provided us. You need to upload the signed certificate and the private key you used, but you need them in PEM format. To do that you can use the following command:
MetricsGraphics.js is a library built on top of D3 that is optimized for visualizing and laying out time-series data. It provides a simple way to produce common types of graphics in a principled, consistent and responsive way. The library currently supports line charts, scatterplots and histograms as well as features like rug plots and basic linear regression.