Since everyone now can get free 2-year multi-domain certificates from WoSign, I grabbed one for one of my web sites. However, WoSign’s OCSP server is located in China which may, depending on your and your server’s location, increase latency once the web browser is verifying the certificate’s revocation status. In my case from Europe: PING …
Continue reading “Free multi-domain SSL certificates from WoSign and HAProxy OCSP stapling”
I’m running some sort of an experimental KVM guest with IPv6 connectivity only. Since it still had Ubuntu Server 13.10 installed I tried to run a do-release-upgrade on it to upgrade it to the latest Ubuntu Server release – which at the time of this writing is 14.10. However, the do-release-upgrade command kept saying that …
Continue reading “Ubuntu release upgrade says ‘no new release found’ on IPv6-only server”
I just pushed an update for the DNS-unblocking generator to GitHub. From now on, there is just one configuration file for the non-SNI and the pure-SNI approach. Please see the updated README.md on Github for more information.
Since there’s no support for mod_rpaf in Apache2 2.4+ it’s recommended to use mod_remoteip instead if Apache2 is running behind a proxy like HAProxy. mod_remoteip can be enabled using a2enmod remoteip It can be fine tuned in ./conf-available/remoteip.conf. You have to manually create the file if it doesn’t exist. RemoteIPHeader X-Forwarded-For RemoteIPTrustedProxy 127.0.0.1 And don’t …
Continue reading “Apache2 2.4+ not logging remote IP address using mod_remoteip”
My poor man’s DNS-unblocking configuration using just a single, public IP address has one serious limitation: it will not run Netflix or Hulu Plus with non-SNI players like the PS3, Xbox 360, Samsung TVs, Sony BluRay players and possibly quite a few other devices. A commenter (kudos go out to Alex) suggested to use Netfilter’s DNAT port …
Continue reading “Netflix DNS-unblocking without SNI for your Xbox 360, PS3, WDTV, Samsung TV”
