search

cs188-software-design-security-w20 / project-random

project-random created by GitHub Classroom
2 stars 3 forks source link

Install HTTPS certificate to our website #55

Open gqqnbig opened 4 years ago

gqqnbig commented 4 years ago

我不会搞了。你按照 https://uwsgi-docs.readthedocs.io/en/latest/tutorials/Django_and_nginx.html 配置ngix。

SSL for free验证域名要网站提供静态文件,所以服务器上的代码是来自 static-files分支。

http://beta.gqqnbig.me/static/hello.txt 已经可以访问了,但django还没连起来。

SSL证书放在 /project-random/了,文件名叫 sslforfree.zip,是SSL for free生成的,你可以看它的安装证书教程 https://www.sslforfree.com/#tutorials

dliang090222 commented 4 years ago

好~

On Sat, Feb 8, 2020, 10:22 QQ喵 notifications@github.com wrote:

我不会搞了。你按照 https://uwsgi-docs.readthedocs.io/en/latest/tutorials/Django_and_nginx.html 配置ngix。

http://beta.gqqnbig.me/static/hello.txt 已经可以访问了,但django还没连起来。

SSL证书放在 /project-random/了,文件名叫 sslforfree.zip,是SSL for free生成的,你可以看它的安装证书教程 https://www.sslforfree.com/#tutorials

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/cs188-software-design-security-w20/project-random/issues/55?email_source=notifications&email_token=AFSPMG646S243V7ZKJMFQKLRB3Z2NA5CNFSM4KRZGVLKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELFYJTA#issuecomment-583763148, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFSPMG53PG4OHZRQH42Q6HTRB3Z2NANCNFSM4KRZGVLA .

gqqnbig commented 4 years ago

https://www.immuniweb.com/ssl/?id=TWn6BgrW

List of all SSL/TLS protocols supported by the server:

TLS1.0目前看来强度不够,不能用

OCSP STAPLING可以搞

TLSv1.2里面的黄色是具体的加密算法,想搞可以搞,就是要禁用它们

推荐支持TLSv1.3,我们现在不支持

HTTP Strict Transport Security这个想搞可以搞,有点推荐

gqqnbig commented 4 years ago

You can close this issue and continue your work in issue #75