Re: OT: SSL certificates

2016-03-08 Thread Gabor Szabo 
On Tue, Mar 8, 2016 at 9:47 PM, shimi  wrote:

> On Tue, Mar 8, 2016 at 9:33 PM, Gabor Szabo  wrote:
>
>> I am trying letsencrypt.org . 
>> I just cloned their repo and started to follow their instructions, but
>> then they say "nginx support is experimental, buggy, and not installed by
>> default" and I am using nginx for most of my servers. I guess their nginx
>> support will come soon and I can wait a bit though I wonder, have any of
>> you used it on nginx?
>>
>>
> When they say 'nginx support' they mean 'automatically configuring nginx
> for you'. There are plenty other ways (including manual, with other clients
> that doesn't force you to provide them with root access to your machine) to
> just issue the cert from a CSR, and install the cert normally on any web
> server you want. See for example
> https://tty1.net/blog/2015/using-letsencrypt-in-manual-mode_en.html and
> https://github.com/diafygi/letsencrypt-nosudo
>


Very useful links. Thanks

Gabor
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: SSL certificates

2016-03-08 Thread shimi 
On Tue, Mar 8, 2016 at 9:33 PM, Gabor Szabo  wrote:

> I am trying letsencrypt.org . 
> I just cloned their repo and started to follow their instructions, but
> then they say "nginx support is experimental, buggy, and not installed by
> default" and I am using nginx for most of my servers. I guess their nginx
> support will come soon and I can wait a bit though I wonder, have any of
> you used it on nginx?
>
>
When they say 'nginx support' they mean 'automatically configuring nginx
for you'. There are plenty other ways (including manual, with other clients
that doesn't force you to provide them with root access to your machine) to
just issue the cert from a CSR, and install the cert normally on any web
server you want. See for example
https://tty1.net/blog/2015/using-letsencrypt-in-manual-mode_en.html and
https://github.com/diafygi/letsencrypt-nosudo

HTH,

-- Shimi
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: SSL certificates

2016-03-08 Thread Gabor Szabo 
I am trying letsencrypt.org . 
I just cloned their repo and started to follow their instructions, but then
they say "nginx support is experimental, buggy, and not installed by
default" and I am using nginx for most of my servers. I guess their nginx
support will come soon and I can wait a bit though I wonder, have any of
you used it on nginx?

regards
  Gabor




On Tue, Mar 8, 2016 at 8:27 AM, Michael Tewner  wrote:

> As far as I know, letsencrypt.org certs are only good for 90 days, and
> you'll want to have a script automatically renew and replace the cert in
> the background all the time.
> I like https://www.namecheap.com , as it helps you find the cheapest
> between different CA's.
> CACert is worthy of this community's support, but as you mentioned, their
> certs aren't included in any browsers or OS's.
>
>
>
> On Tue, Mar 8, 2016 at 7:24 AM, Baruch Siach  wrote:
>
>> Hi Gabor,
>>
>> On Tue, Mar 08, 2016 at 07:05:03AM +0200, Gabor Szabo wrote:
>> > A found plenty of companies offering SSL certificates. One of them
>> > https://www.ssl.com/
>> > that was recommended by the domain registrar I am using had
>> > $177 / year for the first 3 hostname and then $49 / year for each
>> > additional hostname and $129/year for each wildcard domain.
>> >
>> > Is that a reasonable price? Any suggestions?
>>
>> How about https://letsencrypt.org/ free certs?
>>
>> baruch
>>
>> --
>>  http://baruch.siach.name/blog/  ~. .~   Tk Open
>> Systems
>>
>> =}ooO--U--Ooo{=
>>- bar...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: RFC: Creating an Israeli directory of Linux savvy Computer Professionals?

2016-03-08 Thread Shlomi Fish 
Hi all,

On Sun, Feb 14, 2016 at 12:53 PM, Shlomi Fish  wrote:

> Hi Amichai and everyone,
>
> On Sat, Feb 13, 2016 at 11:27 PM, Amichai Rotman 
> wrote:
>
>> I mentioned this list as an example for how the list *shouldn't* look...
>>
>> It is also well hidden. The average Joe will not be able to use it and
>> will never find it...
>>
>> We (as a community) need to revamp the http://www.linux.org.il web site.
>> In it's current state, it looks like an outdated early 90s site...
>>
>> Amichai Rotman
>>
>>
> The sources for http://www.linux.org.il/ are maintained in a GitHub
> repository at https://github.com/Hamakor/linux.org.il . Filing pull
> requests or specific issues is welcome. If you can suggest modifications or
> solicit people to do that, then they will be considered.
>
> Talk is cheap and complaints are easy. Actually doing something about it
> is where it's at. See http://shlomif.livejournal.com/39215.html .
>
>
I have yet to hear back from Amichai regarding my suggestions, and it's
been over three weeks.

Regards,

-- Shlomi Fish

-- 
--
Shlomi Fish http://www.shlomifish.org/

Chuck Norris helps the gods that help themselves.

Please reply to list if it's a mailing list post - http://shlom.in/reply .
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: vdsl2 router

2016-03-08 Thread E.S. Rosenberg 
2016-03-08 12:27 GMT+02:00 geoffrey mendelson :
> On 3/8/2016 12:01 PM, E.S. Rosenberg wrote:
>>
>>
>>
>>
>> Let us know if you find something in a few month OpenWRT should be
>> releasing 16.x (Designated Driver, if they manage to stick to the roughly
>> yearly releases) which may bring improved support for your existing device
>> considering how they already have half decent support there is someone (and
>> probably more then one someone) working on it
>>
>> If you want something really powerful with a very powerful OS have a look
>> at this:
>> http://routerboard.com/RB962UiGS-5HacT2HnT
>
> That looks like what I want, but I am sure it is too much money. I am
> looking for  two ethernet ports (one in, one out) and enough smarts to
> support GRE tunnels (such as an old cisco router, that friends in the US
> recycled by the 100's), or some form of open WRT. Anything else is extra,
> but not needed.
It is priced similarly to the high end TP-Links and has high end specs
RouterOS (Mikrotik) is a very powerful router OS based on Linux used
in system critical applications but also available for home use.
>
> I think, besides finding old cisco routers in someone's junkpile (so far
> unsuccessful), a home grade wifi router would be perfect.
>
> Anyone have a WRT-54gl they want to get rid of cheaply?
If those are all your demands an ~80NIS WR740N meets you requirements
fully. (though you need to be careful the latest revision seems to
only have experimental support)...

If anything the WR740N is more powerful then the wrt54gl and unlike
the wrt54gl can run the latest version of OpenWRT.

HTH,
Eliyahu - אליהו
>
>
> Geoff.
>
> --
> Geoffrey S. Mendelson 4X1GM/N3OWJ
> Jerusalem Israel.
>

___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: vdsl2 router

2016-03-08 Thread E.S. Rosenberg 
2016-03-08 9:10 GMT+02:00 Amos Shapira :

> What exact model of TP-Link have you got?
>
WR740N (v4.x), WR841ND (v5.x), WR1043ND (v1.x)

> I have a TP-Link AC1750 ADSL2+ modem router which is great except that
> OpenWRT doesn't support this specific model's WiFi well (see multiple
> "Notes" in https://wiki.openwrt.org/toh/tp-link/archer-c5-c7-wdr7500)
>
Did you check recently? The way I understand the notes v2 is fully
supported while v1.x only the 2.4GHz Band is supported (though they do
write that they don't do hardware NAT which will affect you if you have a
WAN line > 300MBit/s).

So I'm half-heartedly on the lookout for something to run OpenWRT or VyOS
> on, with 1Gb ethernet and 802.11ac WiFi and which can be used to do smart
> and efficient routing especially over OpenVPN tunnels.
>
Let us know if you find something in a few month OpenWRT should be
releasing 16.x (Designated Driver, if they manage to stick to the roughly
yearly releases) which may bring improved support for your existing device
considering how they already have half decent support there is someone (and
probably more then one someone) working on it

If you want something really powerful with a very powerful OS have a look
at this:
http://routerboard.com/RB962UiGS-5HacT2HnT

Regards,
Eliyahu - אליהו

>
>
> On 8 March 2016 at 10:07, E.S. Rosenberg  wrote:
>
>> Personally I don't bother with the modem/router supporting OpenWRT, I
>> bought a nice TP-Link router which functions as the router of my
>> networks and runs OpenWRT then the provider router/bridge/whatever box
>> is just used as a bridge device and nothing more.
>>
>> There are far less xDSL devices that support *WRT and also you never
>> know if the device you'll get from your provider is under your full
>> control (these days with 2/3-play packages the router tends to not be
>> under your control since it also does your VoIP/TV) so as far as I am
>> concerned the provider-device is 'outside' my network and should be
>> treated as such
>>
>> Also the provider devices tend to have terrible firmware/updates which
>> of course you want to salvage with *WRT.
>>
>> Regards,
>> Eliyahu - אליהו
>>
>> 2016-03-01 13:40 GMT+02:00 Rabin Yasharzadehe :
>> > In my opinion , a good place to start is this list -
>> > http://www.netcheif.com/Articles/VDSL_Router/VDSL_Router.htm
>> > find one/two that meet your demand, and then check if they have support
>> for
>> > openwrt/dd-wrt
>> >
>> > --
>> > Rabin
>> >
>> > On 1 March 2016 at 12:43, sara fink  wrote:
>> >>
>> >> Hi Everyone
>> >>
>> >> I would like to buy a vdsl2 router that supports openwrt or ddwrt.
>> Anyone
>> >> has experience with a good router? Xphone gives dlink 225 which doesn't
>> >> support openwrt.
>> >>
>> >> ___
>> >> Linux-il mailing list
>> >> Linux-il@cs.huji.ac.il
>> >> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> >>
>> >
>> >
>> > ___
>> > Linux-il mailing list
>> > Linux-il@cs.huji.ac.il
>> > http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>> >
>>
>> ___
>> Linux-il mailing list
>> Linux-il@cs.huji.ac.il
>> http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
>>
>
>
>
> --
> 
>
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il

Re: OT: SSL certificates

2016-03-08 Thread Efraim Flashner 
I use wosign for my free certs. They're good for up to 3 years, free is good, 
and afaik they're in all the browsers. The website is in chinese though, so 
that can make it a bit challenging.

On Tue, 8 Mar 2016 07:05:03 +0200
Gabor Szabo  wrote:

> Hi there,
> 
> I think it's time to move some of my sites to use https, but as I only had
> self-signed ssl so far I wonder if you ppl have any recommendation where to
> get the certificate from and how much
> should I expect to pay?
> 
> I have one domain with about 20 subdomains (the translated versions of my
> articles)
> and a few other domains with 1-2, sometimes even more subdomains.
> 
> Most of them are probably considered commercial as they have ads on it and
> on some of them I even have a few subscribers, but they are, unfortunately,
> not a big business. Nevertheless I think this might exclude some "open
> source" providers.
> 
> I looked at http://www.cacert.org/ but as I can see the certificate they
> use on their own site is not recognized by either Chrome or Firefox. That
> does not seem to be a good thing. (See https://www.cacert.org/ )
> 
> A found plenty of companies offering SSL certificates. One of them
> https://www.ssl.com/
> that was recommended by the domain registrar I am using had
> $177 / year for the first 3 hostname and then $49 / year for each
> additional hostname and $129/year for each wildcard domain.
> 
> Is that a reasonable price? Any suggestions?
> 
> regards
>Gabor



-- 
Efraim Flashner      אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


pgpSwWEF804ce.pgp
Description: OpenPGP digital signature
___
Linux-il mailing list
Linux-il@cs.huji.ac.il
http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il