https

Post Reply
degar
Posts: 3
Joined: Sun Feb 05, 2023 8:54 am

https

Post by degar » Sun Feb 05, 2023 4:38 pm

Is there a way to password protect certain directories (probably would need https for those dirs too)? (and example would be my docs dir, personal photos, or personal media dir) My understanding is that an unlisted directory is already protected because it is unknowable. So, a spider or person would need to guess the dir name. An easy password would block it if someone guessed it.

Here is a question people are probably thinking, but afraid to ask for fear of looking stupid.

As I understand it:
https purpose: man in the middle, Definitely useful for money transactions, email, social media, large sites with a reputation to destroy....But pointless with a "business card" like website, information site, research, weather browsing...
Downsides: slows my browsing down, makes certain proxies needed for data reduction impossible.

What I don't understand:
Why is my hosting company charging me annually for ssl certificates? Seems very stupid to allow 3rd parties to get leverage over the encryption. How can I get around it? What are the steps, in logical syntax, to get these magical keys, with out too many steps?

https://www.mwiede.de/windows-php-webse ... ex.htm#tls
Here you mention open ssl. Is it that my hosting company is malicious, and just trying to get more money from us?

The only reason I might want ssl is to understand the process. I am running a backup business card site from home, and a backup weather site--neither need https. However, I do have an unlisted directory with the audio books I own, and do not want anyone to have access to those directories, except me. Password for the other unlisted virtual dirs would be handy, or at least piece of mine.

degar
Posts: 3
Joined: Sun Feb 05, 2023 8:54 am

Re: https

Post by degar » Sun Feb 05, 2023 6:59 pm

I am also wondering....I have at least 3 ways of getting to my home server: Mydomain.info, mydomain.dyndns.dk, another mydomain,dynamicdns.com , and probrably another mybackupdomain.com

Would it even be possible to get a certificate? https://zerossl.com/ wants to know my domain, which could be one of several domains that would point to the home ip. I am guessing, I need one for each domain, and stuff a bunch of certificates into the correct directory. .. Just a nob question.

User avatar
mwiede
Site Admin
Posts: 34
Joined: Fri Oct 27, 2017 12:56 pm
Location: Germany
Contact:

Re: https

Post by mwiede » Sun Feb 05, 2023 7:06 pm

1. You can protect directories with password authentication. Just use the the /wwadmin panel.
http://yourdomain/wwadmin

To access WWadmin you have to create a password with the reset_pwd.bat located in WWebserver installation directory.

directory_protection.png
directory_protection.png (60.57 KiB) Viewed 58530 times

See also: https://www.mwiede.de/windows-php-webse ... zation.htm


2. Good SSL certificates can be free with Let's Encrypt https://letsencrypt.org/
Your provider should support Let's Encrypt.

If you want to use WWebserver with a valid certificate, the webserver must be accessible from the Internet under own domain name (DNS).
You can put the certificates into the cfg/ssl directory and create a virtual host for your domain in cfg/vhost.txt

See also: https://www.mwiede.de/windows-php-webserver/#tls

degar
Posts: 3
Joined: Sun Feb 05, 2023 8:54 am

Re: https

Post by degar » Sun Feb 05, 2023 7:58 pm

I read that you have to renew the ssl every 90 days, which is a real buzz kill to me for making the effort, after doubly locking down my private directories with the wwadmin and a php lock. (Although, I am not sure if they are equal, or one is better than the other.)

It looks that a sub directories are also locked, which is a plus for the server method.

And expired ssl doesn't break the website does it? Also, Is it an easy process to get and install the ssl? If so, I might try it today.

User avatar
mwiede
Site Admin
Posts: 34
Joined: Fri Oct 27, 2017 12:56 pm
Location: Germany
Contact:

Re: https

Post by mwiede » Mon Feb 06, 2023 5:30 pm

Expired SSL certificates are blocked by Chrome and other modern browers. You should renew them.
Therefore i am delevoping a script to renew Let's Encrypt certificates with WWebserver.
I will show this script next days.

Post Reply