Using a CDN at home for free!

Cloudflare are nice enough to provide a free tier to their CDN service which is perfect for those of us that still host websites at home. The free teir provides some basic benefits – DDOS protection and caching. Check out the details here – https://www.cloudflare.com/plans/#overview

If you utilize their tunneling solution, you’ll also be able to host websites behind a dynamic IP. You’ll no longer need a static IP. This means the traffic goes like so;

Your website <-> ACME <-> Cloudflare tunnel <-> Cloudflare <-> User

Double cool! Check out these resources to do it for yourself –

ACME Manager : https://hub.docker.com/r/jlesage/nginx-proxy-manager/
Cloudflared (Tunnel) container : https://hub.docker.com/r/cloudflare/cloudflared/

Example results over 24hrs for sigtar.com –


Brave Browser – another non-ad web alternative?

 Brave is a web browser that has been about for while, but i only happened across it when it made its way onto the android platform.

It presents another concept which supports web content creators without subjecting viewers to horrendous ads, both in their content and in their speed detriment.

Check their site out here – https://brave.com

Crypto mining failed me (see coin hive here), ads are annoying and more and more likely to be blocked via various plugins and tools. The Brave browser blocks all ads by default and builds up a profile on where you are spending your time on the web. Contributions are then made to the various sites if they are registered to the “BAT” system, which is a way of rewarding the content providers.

My very brief experience so far has been positive, a fast browser which support all my chrome plugins – but with all ad-blocking etc built in. For the extra paranoid it also includes a private mode that utilizes ToR network. Oh and it has a web torrent client built in.

A pretty good summary / review here – https://coiniq.com/brave-browser-review/

Update;

It seems ad’s may be coming to the browser, but so far it looks as though they are “opt-in”. I’ve updated brave link above with referral ;)

time to disable coinhive – hysteria ensues

See my previous post here – https://sigtar.com/2017/10/13/coinhive-alternative

So the trial of coinhive and associated monero browser mining has come to an end. It seems most corporate firewalls and security appliances detect and block access to my domain just being associated with the coinhive java-script.

Even though i was being a polite net citizen and disclosing it on the site – firewalls with strict polices dont give it a chance. Several public DNS servers have also block listed the site – hopefully this will be undone soon.

There is a lot of fear around the word “crypto” due to the more malicious crypto-locker virus and it seems that coinhive has been associated to similar hysteria and panic.

Note : the amount of “wasted CPU” is trivial as i would only expect people visiting my site to be donating some cycles. i.e. in most cases i wouldn’t expect and entire company / business behind a firewall to browse my website and be under threat of  mass “CPU stealing”

 

moving wordpress to http2 (via https)

    

I just moved my wordpress site to http2 (via https). Some advice on steps to moving your site ;

  • Run it behind nginx + lets encrypt – offload ssl certs and get http2 performance
  • Setup nginx default to redirect all http -> https
  • update your WordPress site to correct URL (via admin / settings / general)  i.e. https://sigtar.com
  • Run WP plug-in to change all media / links to new https links. Else you get mixed secuirty (some http, some https)

SSL caching and redirects in chrome

While setting up SSL reverse proxy using lets encrypt and nginx i  had a few troubles with testing via googles Chrome browser.

  • Chrome caches some SSL responses which can be cleared by deleting your browsing data via settings or Ctrl+Shift+Del.
  • Chrome also caches http -> https redirects, you can see these by going to chrome://net-internals and select “HSTS” from the drop down. Enter the domain name under “Delete domain” and press the Delete button

The easiest thing to do during testing is use incognito mode. You will not need to clear the cache every time you change config or re-issue certificates.