• News
• New
• Index
• About

Adding SSL to Anime Characters Database was no small feat.

First, needed to grab the latest copy of lighttpd.

After configuring it, compiling it installing it, updating my root Jail script to launch it, writing a new configuration file, generating a SSL perm file, generating some Diffie-Hellman and Elliptic-Curve Diffie-Hellman parameters installing, creating log files, altering permissions, modifying firewall rules...

The new server failed to start.

Damn thing was looking for shared libraries in the wrong path.

So I changed the configuration prefix, installed it in / then copied and pasted that into the chroot and it started fine ~

Next step was getting the right mod_redirect rules.

SSL is a bench. Always complaining. Always giving scary warnings. I swear the industry that reaps money off of "trusting" certificates has everything to do with this.

Self signed a cert and limited the server to www.animecharactersdatabase.com all other domains with redirect out.

Last but important, I reniced the lighttpd process to 20.

So even if a new SSL BEAST like hack happens, I wont care.

Also SSL is CPU intensive, so I also don't care.

nice 20 = lowest of low priority. If there's any CPU left, it'll run. The moment something else wants to run, it gets stopped. ^_^