Since moving to a new server running Apache for hosting websites I’ve been able to make quite a few changes that just weren’t quite possible with lighttpd. One major change is the use of IPv6. Ever since the move I’ve set up all hosted sites with AAAA records and made them available via IPv6, and it’s been working great. While I don’t see much traffic on this yet, I’m happy to know that the sites are all able to be reached this way. For reference:
;; ANSWER SECTION:
nuxx.net. 300 IN AAAA 2607:f4b8:5:2:e611:5bff:feac:3a60
I’ve also been wanting to move my personal site, nuxx.net, to be HTTPS-only. While not particularly important for most public content, this does protect session cookies for various admin functions that I may host under this domain, along with keeping any private content from prying eyes. Thanks to an SSL certificate from the new-to-me registrar gandi.net it was pretty easy to get this set up. I was then able to take the old non-HTTPS vhost and permanently redirect it over to the secure one, and all content simply moved over to the secure side:
<VirtualHost *:80>
    ServerName nuxx.net
    ServerAlias www.nuxx.net
    ServerAdmin c0nsumer@nuxx.net
    Redirect permanent / https://nuxx.net/
</VirtualHost>
The browser test screenshot seen above from Qualys SSL Labs SSL Server Test (live results here) shows that HTTPS is pretty well set up on nuxx.net. I’m sure it could be better, but for now I think it’s pretty good.
Thanks to the magic of this bit of SQL I was able to update all http://nuxx.net links in nuxx.net blog posts to https://nuxx.net, allowing most pages to validate as fully secure. I’ll have to do something similar on the other apps to bring them up to snuff:
UPDATE wp_posts SET post_content = REPLACE(post_content, 'http://nuxx.net', 'https://nuxx.net');
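An added example, not part of the original post: the UPDATE above rewrites only the exact string http://nuxx.net in wp_posts, so references through the www.nuxx.net alias or to third-party hosts stay on http://. This Python script scans post HTML for such leftovers and separates subresources (mixed content) from plain links; the sample post body and the function and class names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs treated as subresource loads. <link href> is counted
# regardless of its rel value, which over-reports rel="canonical" and similar.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"),
    ("link", "href"), ("audio", "src"), ("video", "src"),
    ("source", "src"), ("embed", "src"), ("object", "data"),
}


class MixedContentFinder(HTMLParser):
    """Collects http:// URLs in post HTML, split by how the browser uses them."""

    def __init__(self):
        super().__init__()
        self.subresources = []  # fetched while rendering: mixed content
        self.links = []         # plain <a href>: navigation only

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values are kept as-is.
        for name, value in attrs:
            if not value or urlsplit(value.strip()).scheme != "http":
                continue  # https, protocol-relative and relative URLs are fine
            if (tag, name) in SUBRESOURCE_ATTRS:
                self.subresources.append((tag, value))
            elif tag == "a" and name == "href":
                self.links.append(value)


def scan_post(html):
    """Return (mixed_content, http_links) found in one post body."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.subresources, finder.links


# Constructed sample post body (not taken from the site's database).
SAMPLE_POST = """
<p><img src="https://nuxx.net/gallery/a.jpg">
<img src="http://www.nuxx.net/gallery/b.jpg">
<IMG SRC="HTTP://example.com/c.png">
<a href="http://www.nuxx.net/blog/">older posts</a>
<script src="//example.org/widget.js"></script></p>
"""

if __name__ == "__main__":
    mixed, links = scan_post(SAMPLE_POST)
    for tag, url in mixed:
        print(f"mixed content <{tag}>: {url}")
    for url in links:
        print(f"http link (navigation only): {url}")
```

Run over each post_content value, an empty first list means the post loads nothing over plain HTTP; entries in the second list only cost a redirect when clicked.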
Amusingly, the use of HTTPS seems to dramatically cut down on automated SPAM. Perhaps some of the link spamming tools don’t want to deal with the overhead (or cert validation?) of HTTPS? I’d figure they could just ignore them, though…
Anyway, with all of this in place, I got to thinking about SPDY, Google’s shiny new protocol. An Apache module for implementing it, mod-spdy, has been released and there is a FreeBSD Port for it, so I decided to give it a go. The installation worked and Chrome showed it working (as seen via chrome://net-internals/#spdy). Unfortunately, I ran into a couple of bugs. Most notable was that a number of httpd processes failed, and I ran into documented issues #36 and #39, which left me with an odd taste for this module. I’ve since disabled it, but once a new version is released I’ll probably try it again.