Cloudflare's Railgun - SSL Setup

SSL
Elliptic curve cryptography, as defined by Wikipedia, “is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois fields) to provide equivalent security.” The following instructions will allow NGINX to serve a self-signed key from the origin to Cloudflare. On the box, alter /etc/nginx/nginx.conf to include references to the following:

Cloudflare's Railgun - VPS Setup

Requirements
The first step to any deployment is to find out the requirements. As this deployment will focus around Cloudflare’s Railgun, it is wise to work with that as a base. Railgun’s requirements can be found here, but they can be boiled down to the following:
Dual core processor
4GB RAM
64-bit Architecture
Memcache >= 1.4 with at least 512MB of storage (>1GB recommended)
One of the following operating systems:

Cloudflare's Railgun - Instructions

Instructions
Build up an Apache or Nginx web server to serve a simple landing page or site through Cloudflare (location of origin doesn’t matter: Digital Ocean, AWS, GoGrid, etc.)
Make the origin server only available over IPv6
Set up Railgun and confirm Railgun is working correctly (hint, you can use rg-diag which is installed with the railgun package) Documentation
Generate a self-signed elliptic curve cert and use it on your origin server, then force all requests to your origin over SSL with page rules and HSTS.

Random GPG Key Creation

Author’s note: this was originally written by me, but then optimized by Distil Networks’ excellent marketing team. However, Distil did not publish it. I am not currently affiliated with Distil Networks.
GPG and Encryption
At Distil, we take security and privacy very seriously. Prior to joining Distil, I did not have a very hands-on understanding of GPG keys. However, we use keys extensively to ensure that there are no breaches of confidentiality.

SELinux and Logs

What is SELinux?
Some of the most frustrating but rewarding feelings come from those “a-ha!” moments. One of my favorite sayings is that your only difficult problems are the ones you are currently facing, as you already have solutions for resolved problems. Let me tell you about my “a-ha!” moments with SELinux, and how I’ve started to love documentation. As a brief summary, SELinux is “a mandatory access control (MAC) security mechanism implemented in the kernel” developed and maintained by the https://wiki.