Upgrade to Debian Jessie planned

Posted on Saturday 2 April 2016

Debian Wheezy security support is scheduled to end at the end of April, therefore we have to upgrade to Debian Jessie before this deadline. The good news is that it leaves you a few weeks to check that your installed webapps will continue to work after the upgrade.

Please welcome HTTPS

Posted on Saturday 2 April 2016

Until recently, anything hosted by TuxFamily and reached over TLS (HTTPS, POPS, IMAPS, etc.) implied to accept a self-signed certificate.

Since the "Let's encrypt" initiative has become a reality, TuxFamily recently jumped on the bandwagon:

• *.tuxfamily.org web areas now benefit from a wildcard certificate (*.tuxfamily.org) kindly provided by GlobalSign.
• Most *.tuxfamily.org services also benefit from that wildcard certificate.
• Other TuxFamily-hosted web areas (e.g. vhffs.org or yabause.org) now benefit from a Let's Encrypt certificate.
• Due to technical limitations, *.*.tuxfamily.org web areas and domains remain plagued by a common name mismatch error; fortunately, those remain quite rare and should benefit from a Let's Encrypt certificate on the long run.

This setup should bring class-A HTTPS to your sites, and even A+ if you set up HSTS.

Since your web areas are now reachable by everybody over both HTTP and HTTPS, you are now free to adapt your sites accordingly; typical setups include (but are not restricted to):

• handling both protocols;
• enforcing only authenticated traffic to HTTPS;
• enforcing all traffic to HTTPS through redirections and/or HSTS implemented in .htaccess.