It should be if we page @Krishna_Kumar
Do you know you can get a Letsencrypt certificate for free?
Also, you can get rid of that yellow warning triangle on top. The reason the warning triangle on top appears is because there are images using the “http://” extension instead of the “https://” extension. One way to get around this is to remove the “http” extension from the code.
When the browser call the link, it will substitute it for the right extension, “https:”
The same goes for images;
<img src="//somelink.com/folder/imagename.jpg" bla, bla, bla...>
You can download the pac file from launcher too.
Start the launcher and then open
http://localhost:8100/pac-file on browser.
The downside of configuring this end point is that, when the system reboots the network configuration would check for this location and since launcher is not configured to start at system start up the file wont be loaded and eventually the proxy would have to be set up every time.
As you said, the workaround would be to download the pac-file from local endpoint and save it locally. Use the local file path while configuring the proxy.
Will check with @frabrunelle and update the docs
@dirvine I just had a look at the website. I’m glad that you’re using HTTPS, but you need to set HTTP to automatically redirect to HTTPS or most people will not have the benefits of HTTPS. It would also be a good idea to enable the HSTS header so that browsers will never connect over HTTP.
Here are some things you might consider:
- Use a 4096 bit certificate (
certbot renew --rsa-key-size 4096)
- Enable Strict Transport Security (HSTS) to secure for first connect (instructions here)
- Preload HSTS header into modern browsers
- Use OSCP stapling
Here’s a great scanning resource:
Thanks for the detailed info, @Krishna_Kumar is our admin for that so we will implement these solid suggestions. Cheers
letsencrypt.org certificates are free but require to be renewed every few months. It is headache if you do not set up some automatic solution. The easiest and cheapest solution how to do https is using CloudFlare. It is free, they give you free certificate, they protect you against ddos and much more. It can be set up in few minutes by total noob. Even bitcoin exchanges are using them. And I must say, they saved our company. Our project was attacked by DDOS on https handshake, which was impossible to solve ourselves. When we moved to CloudFlare they analyzed all DDOS traffic, filtered it and gave me free working https solution. The only downside is, you have to trust them:)