Random Thread - Anything Goes
-
@coliver said in Random Thread - Anything Goes:
@scottalanmiller said in Random Thread - Anything Goes:
@hobbit666 said in Random Thread - Anything Goes:
Do internal Web Servers need to be on HTTPS??
e.g. Zabbix
We only access it from inside of the company. If i'm out and about i VPN in and then access the server
NEED TO BE? No
SHOULD BE? Yes
Any good reason to avoid it? No.
This was going to my answer. It's so easy to setup HTTPS that it makes no sense not to.
It's nearly a default. Okay not quite. but basically.
-
-
@coliver said in Random Thread - Anything Goes:
This was going to my answer. It's so easy to setup HTTPS that it makes no sense not to.
Ok so next level. Use a Certificate from an internal CA? As you can't use something like Letsencrypt
Or just use HTTPS
-
@hobbit666 said in Random Thread - Anything Goes:
@coliver said in Random Thread - Anything Goes:
This was going to my answer. It's so easy to setup HTTPS that it makes no sense not to.
Ok so next level. Use a Certificate from an internal CA? As you can't use something like Letsencrypt
Or just use HTTPS
Why wouldn't Let'sEncrypt work? Do these systems not have access to the internet at all?
-
@coliver said in Random Thread - Anything Goes:
@hobbit666 said in Random Thread - Anything Goes:
@coliver said in Random Thread - Anything Goes:
This was going to my answer. It's so easy to setup HTTPS that it makes no sense not to.
Ok so next level. Use a Certificate from an internal CA? As you can't use something like Letsencrypt
Or just use HTTPS
Why wouldn't Let'sEncrypt work? Do these systems not have access to the internet at all?
Some devices are not online just internal and they wouldn't do HTTP confirmation but they could do DNS confirmation.
-
@coliver said in Random Thread - Anything Goes:
Why wouldn't Let'sEncrypt work? Do these systems not have access to the internet at all?
At the moment no. Trying to work out if it's worth the trouble to get them online if they don't need to be accessed externally just to get a cert.
Thinking I should just get them on HTTPS only
-
-
-
-
-
-
@nadnerB said in Random Thread - Anything Goes:
what's with the vertical display? just trying to look geeky?
-
@nadnerB said in Random Thread - Anything Goes:
Or just because the actor looks ridiculous and the character is shit?
-
@Dashrender said in Random Thread - Anything Goes:
what's with the vertical display? just trying to look geeky?
If reading logs or looking at processes,it's actually super handy.
-
@scottalanmiller said in Random Thread - Anything Goes:
Or just because the actor looks ridiculous and the character is shit?
Right, just horrible, bad costume, bad acting, back character development. All around just bad.
-
@DustinB3403 said in Random Thread - Anything Goes:
@scottalanmiller said in Random Thread - Anything Goes:
Or just because the actor looks ridiculous and the character is shit?
Right, just horrible, bad costume, bad acting, back character development. All around just bad.
And even the actor won't watch the movie.
-
@Dashrender said in Random Thread - Anything Goes:
@nadnerB said in Random Thread - Anything Goes:
what's with the vertical display? just trying to look geeky?
Lots of accounting offices run at least one that way.
-
This post is deleted! -
@coliver said in Random Thread - Anything Goes:
@hobbit666 said in Random Thread - Anything Goes:
@coliver said in Random Thread - Anything Goes:
This was going to my answer. It's so easy to setup HTTPS that it makes no sense not to.
Ok so next level. Use a Certificate from an internal CA? As you can't use something like Letsencrypt
Or just use HTTPS
Why wouldn't Let'sEncrypt work? Do these systems not have access to the internet at all?
That’s not how let’s encrypt works. LE has to reach back to the device you cannot port forward everything to everything. I fucking hate how people think that let’s encrypt is the master solution for SSL because it is not
-
@JaredBusch said in Random Thread - Anything Goes:
That’s not how let’s encrypt works. LE has to reach back to the device you cannot port forward everything to everything.
Actually it doesn't have to do that. I manage internal systems that don't have outside reaching in access and LE still works. They have alternative methods just for that. In my case, they aren't web servers.