We're about three months away from relocating from Edinburgh to Newcastle and some of the immediate panic has worn off.
We've sold our sofa, our spare sofa, etc, etc. We've bought a used dining-table, chairs, and a small sofa, etc. We need to populate the second-bedroom as an actual bedroom, do some painting, & etc, but things are slowly getting done.
I've registered myself as a landlord with the city council, so that I can rent the flat out without getting into trouble, and I'm in the process of discussing the income possibilities with a couple of agencies.
We're still unsure of precisely which hospital, from the many choices, in Newcastle my wife will be stationed at. That's frustrating because she could be in the city proper, or outside it. So we need to know before we can find a place to rent there.
Anyway moving? It'll be annoying, but we're making progress. Plus, how hard can it be?
I previously had a /28 assigned for my own use, now I've doubled that to a /27 which gives me the ability to create more virtual machines and run some SSL on some websites.
Using SNI I've actually got the ability to run SSL almost all sites. So I configured myself as a CA and generated a bunch of certificates for myself. (Annoyingly few tutorials on running a CA mentioned SNI so it took a few attempts to get the SAN working. But once I got the hang of it it was simple enough.)
So if you have my certificate authority file installed you can browse many, many of my interesting websites over SSL.
I run a number of servers behind a reverse-proxy. At the moment the back-end is lighttpd. Now that I have SSL setup the incoming requests hit the proxy, get routed to lighttpd and all is well. Mostly.
However redirections break. A request for:
Gets rewritten to:
That is because lighttpd generates the redirection and it only sees the HTTP connection. It seems there is mod_extforward which should allow the server to be aware of the SSL - but it doesn't do so in a useful fashion.
So right now most of my sites are SSL-enabled, but sometimes they'll flip to naked and unprotected. Annoying.
I don't yet have a solution..
Tags: ca, edinburgh, moving, newcastle, relocation, ssl 5 comments
Does your proxy support the X-Forwarded-Proto header?