Author Archives

• Fixing SSL Labs Grade on F5 Big-IP – Enabling HSTS

  By GrumpyTechie on November 25, 2019 • ( 0 )

  

  This week, we’re going for the gold medal, that sweet sweet A+ grade on Qualys SSL Labs. And to achieve this lofty goal of ours, we’ll need to enable one thing, HSTS. This is no small task, and for the… Read More ›

• Fixing SSL Labs Grade on F5 Big-IP – Custom Cipher Groups

  By GrumpyTechie on November 18, 2019 • ( 0 )

  

  As promised in my last post on F5 load-balancers, this weeks issue of the never-ending guide on how to keep your F5 Big-IPs in the good graces of Qualys SSL Labs will deal with TLSv1.3 demanding that we use cipher… Read More ›

• Fixing SSL Labs Grade on F5 Big-IP – Enabling TLSv1.3

  By GrumpyTechie on November 12, 2019 • ( 1 )

  

  In my last post on F5 load-balancers, we disabled TLS v1 and v1.1 as a preemptive measure as SSL Labs is going to start capping your grade to B if you’re caught supporting these protocols after January 2020. In this… Read More ›

• Fixing SSL Labs Grade on F5 Big-IP – Disabling TLSv1 and TLSv1.1

  By GrumpyTechie on October 31, 2019 • ( 6 )

  

  So, it’s again time to start worrying about your SSL Labs grade. Coming January 2020, any site still supporting TLSv1 and TLSv1.1 will have their grade capped to B. As we all know, this is unacceptable, so we’ll once again… Read More ›

• Adding SANs to Let’s Encrypt Certificates – LE Series Part 2

  By GrumpyTechie on September 20, 2019 • ( 0 )

  

  As we already went through in part 1 of this series, requesting certificates using Let’s Encrypt and certbot is rather easy. Today we’re going to look at how you can request certificates with multiple Subject Alternative Names, or SANs for… Read More ›

• Enabling HTTP/2 on NGINX – NGINX Tricks Part 3

  By GrumpyTechie on September 12, 2019 • ( 0 )

  

  As you might have heard, there’s a new version of HTTP out there that’s far superior to HTTP/1.1. I won’t go into what exactly has changed in HTTP/2, but it’s faster and more secure, and allows for some even more… Read More ›

• Implementing HTTP 418 Errors on NGINX – NGINX Tricks Part 2

  By GrumpyTechie on September 5, 2019 • ( 1 )

  

  A year or so ago I got intrigued about how to “properly” implement custom HTTP errors on NGINX after watching this rather funny DEFCON talk. The speaker talks about returning “weird” HTTP codes since browsers usually seem to display anything… Read More ›

• Redirecting IP Traffic to HTTPS – NGINX Tricks Part 1

  By GrumpyTechie on August 26, 2019 • ( 1 )

  

  Lately I had a peculiar issue, I wanted to secure a web server running NGINX with HTTPS using Let’s Encrypt, but almost all traffic to said web server request the web page using the IP address of the server, since… Read More ›

• Getting started with Let’s Encrypt & Certbot – LE Series Part 1

  By GrumpyTechie on August 23, 2019 • ( 1 )

  

  I’ve been enjoying myself immensely playing around with Let’s Encrypt these last few days, and discovered a couple solution to common problems and issues, so I thought I’d make a small guide mostly for my own reference on how to… Read More ›

• Configuring Ubuntu to Patch Itself

  By GrumpyTechie on April 28, 2019 • ( 0 )

  

  After a couple of years in the IT infrastructure world, you’ll be faced with the greatest task of all, updating servers every month or so. This has always been the most brain dead task imaginable, but now with virtualization, we… Read More ›