X-Original-To: alpine-infra@mail.alpinelinux.org
Delivered-To: alpine-infra@mail.alpinelinux.org
Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1])
	by mail.alpinelinux.org (Postfix) with ESMTP id A79C0DC023D;
	Sat, 27 Feb 2016 00:17:35 +0000 (UTC)
Received: from mail-lb0-f171.google.com (mail-lb0-f171.google.com [209.85.217.171])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by mail.alpinelinux.org (Postfix) with ESMTPS id 3D904DC0157;
	Sat, 27 Feb 2016 00:17:34 +0000 (UTC)
Received: by mail-lb0-f171.google.com with SMTP id bc4so54921185lbc.2;
        Fri, 26 Feb 2016 16:17:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc;
        bh=riONcXdTBa102gsUKxO6wR0SRBzIU9FTXgS4GBlSdo0=;
        b=FamzMcVdahl5mNhAMfhlW84RPSaix++vgbUnlOm6tn6xvS9teCAnjk5wlU1bJlwXM1
         lEWUYrNGC7tz56/RG7qyO76IzOgVpUL97anYjyQdj+KVI+qMHBcilWppVStibpDR/Tiv
         gKQa+for633ONxNwXzwsxn5RGl3vkbj5ha5lbPokngmvFGCKX/ENHbrvkMKvmryCPC3X
         QdVIBnhm4PH5FbZeQBk9fOT9eBtsfDD360fVb0V/sAZcePEQSq8DYxDV5vYBcz+E14TD
         gQ3ZvX+efORYuHryz9k9pYmRClxxo+hXBThZvZTngvobI5i6nMjbX5xMJDXy9WswoF1i
         zhtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:date
         :message-id:subject:from:to:cc;
        bh=riONcXdTBa102gsUKxO6wR0SRBzIU9FTXgS4GBlSdo0=;
        b=dDBt3mh0bpw3ZZMChCjcpcTD0rp7ixe8S4JKgC9VGnXRq26ELlBb7x9wCPBm7521UY
         LsQbDUd+rymL8FpMKczZ0eJQJUVBN0breEICS9pqhZnJTqAWeUYHQ0N/mg/2HVtP1ANu
         YUWm8IarjuoR88iJ9hTKdjPVY3Hb6CsJtXYxpcuxoNTqED+AtW+7Zfh0SB5Z/dnV3qxS
         19VmbogpdEsNq91jpS/yaqSiXy/Qg2SDEpJT2K9qw2oI7vI6CMRyp8LHlCwT7U4qFQGj
         qDpCki4vcBb98wbrLSmfnlaAXJkvyjnWMoUTrwr7Te3LpDeeoJK+mbyimhfi37WIYXSd
         jljg==
X-Gm-Message-State: AD7BkJLHKDw1QP+wapp4w2hUl9uHfnP+U/iRkCsoCZaHLHYXlGzohCst/wanp3AhhBIn5A/epxXLffVdSuUlAQ==
MIME-Version: 1.0
X-Received: by 10.112.181.196 with SMTP id dy4mr1622552lbc.42.1456532252026;
 Fri, 26 Feb 2016 16:17:32 -0800 (PST)
Received: by 10.114.69.67 with HTTP; Fri, 26 Feb 2016 16:17:31 -0800 (PST)
In-Reply-To: <56D06376.2020709@alpinelinux.org>
References: <56D06376.2020709@alpinelinux.org>
Date: Sat, 27 Feb 2016 01:17:31 +0100
Message-ID: <CA+cSEmN_jDLGo4dCNt41MDAwxNDzGW+qES-jXdno3oBiLuwOgA@mail.gmail.com>
Subject: Re: Proposal for TLS on websites
From: Carlo Landmeter <clandmeter@gmail.com>
To: Nathan Angelacos <nangel@alpinelinux.org>
Cc: "alpine-infra@alpinelinux.org" <alpine-infra@alpinelinux.org>
Content-Type: multipart/alternative; boundary=001a11c36f5c7c70cf052cb55790
X-Virus-Scanned: ClamAV using ClamSMTP

--001a11c36f5c7c70cf052cb55790
Content-Type: text/plain; charset=UTF-8

On 26 February 2016 at 15:38, Nathan Angelacos <nangel@alpinelinux.org>
wrote:

> I'm leaning toward letsencrypt and 4096bit certs.
>

I have been trying letsencrypt today together with Caddy webserver and it
seems an interesting option. I have currently converted my local pound
proxy to caddy and i am serving pkgs.alpinelinux.org from it.

Although its Golang (we dont want any language wars on this list) it seems
as a very interesting and simplified approach to an http server. I have
added it to aports, so people can try it out. The package will probably
need some love, but it should work.

The nice thing about it is, it has the letsencrypt build in, and it will
automatically create the certs for the sites defined and automatically
forward all http traffic to https. Also the configuration is very easy to
understand, and the certs get automatically renewed so no need for any
scripts to run in the background.

-carlo

--001a11c36f5c7c70cf052cb55790
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On 26 February 2016 at 15:38, Nathan Angelacos <span dir=3D"ltr">&lt;<a=
 href=3D"mailto:nangel@alpinelinux.org" target=3D"_blank">nangel@alpinelinu=
x.org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"m=
argin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I&#39;m leani=
ng toward letsencrypt and 4096bit certs.<br></blockquote><div><br></div><di=
v>I have been trying letsencrypt today together with Caddy webserver and it=
 seems an interesting option. I have currently converted my local pound pro=
xy to caddy and i am serving <a href=3D"http://pkgs.alpinelinux.org">pkgs.a=
lpinelinux.org</a> from it.</div><div><br></div><div>Although its Golang (w=
e dont want any language wars on this list) it seems as a very interesting =
and simplified approach to an http server. I have added it to aports, so pe=
ople can try it out. The package will probably need some love, but it shoul=
d work.</div><div><br></div><div>The nice thing about it is, it has the let=
sencrypt build in, and it will automatically create the certs for the sites=
 defined and automatically forward all http traffic to https. Also the conf=
iguration is very easy to understand, and the certs get automatically renew=
ed so no need for any scripts to run in the background.</div><div><br></div=
><div>-carlo</div></div></div></div>

--001a11c36f5c7c70cf052cb55790--