I use Namecheap.com as a registrar, and they resell SSL Certs from a number of other companies, including Comodo.
These are the steps I went through to set up an SSL cert.
Secure sessions are easy, but not very well documented.
Here's a recipe for secure sessions in Node.js when NginX is used as an SSL proxy:
The desired configuration for using NginX as an SSL proxy is to offload SSL processing
and to put a hardened web server in front of your Node.js application, like:
[NODE.JS APP] <- HTTP -> [NginX] <- HTTPS -> [PUBLIC INTERNET] <-> [CLIENT]
Edit for express 4.X and >: Express no longer uses Connect as its middleware framework, it implements its own now.
var xmpp = require('node-xmpp');
//Set node-xmpp options.
//Replace with your projectID in the jid and your API key in the password
//The key settings for CCS are the last two to force SSL and Plain SASL auth.
var options = {
  type: 'client',
  jid: 'XXXXXXXXX@gcm.googleapis.com',
  password: 'XXXXXXXX',
  port: 5235,
var crypto = require("crypto")
module.exports = function() {
  var bytes = crypto.randomBytes(16)
  bytes[6] &= 0x0f // 0000xxxx
  bytes[6] += 0x40 // 0100xxxx
  bytes[8] &= 0x3f // 00xxxxxx
  bytes[8] += 0x80 // 10xxxxxx
/*
 * Copyright 2014 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
var express = require('express');
var app = express();
app.use(express.bodyParser());
var headlines = [
  { author : 'John Smith', text : "You will not believe what this child does next."},
  { author : 'Jane Doe', text : "It started as a protest, then turned into a party. Thats not even the interesting part."},
  { author : 'Alice Example', text : "Can we squeeze two hundred jellybeans in one package? Yah probably."},
  { author : 'Bob Allan', text : "This famous celebrity is opposed to something you are too."}
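With the establishment of the route-control system, real-time dynamic blackhole routing has become the most effective blocking method, while TCP connection resets and DNS poisoning have become secondary methods, and wall-piercing techniques that exploit vulnerabilities are no longer generally applicable. The countermeasure is to use VPNs with diversified protocols to resist identification. This article introduces a "poor man's VPN" that is too simple, sometimes naive.
The naive VPN needs only a one-time kernel configuration (Linux kernel) and then runs stably and permanently, with no user-space daemon required. All traffic translation and encryption is done by the kernel, with native performance and almost no overhead. The configuration is static, which avoids the fingerprint features that dynamic handshakes and parameter negotiation produce and that lead to identification. It also supports NAT, so mobile users on internal networks can use this method. It is widely supported: it is based on the L2TPv3 standard, Linux kernels 3.2+ all support it, and other operating systems can in principle support it as well. There are two limitations, however: root privileges are required, and one tunnel supports only one user.
The naive VPN implements the VPN with a static L2TP tunnel encapsulated in UDP, and uses kernel XFRM to implement static IPsec. In fact, an IP-in-IP tunnel is enough to implement a VPN, but that protocol cannot traverse NAT, so UDP encapsulation is necessary. Kernel 3.18 will support Foo-over-UDP, which encapsulates IP directly in UDP and is very similar to static L2TP-over-UDP.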
# UPDATED 17 February 2019
# Redirect all HTTP traffic to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name www.domain.com domain.com;
    return 301 https://$host$request_uri;
}
# SSL configuration
const MY_DOMAIN = "agodrich.com"
const START_PAGE = "https://www.notion.so/gatsby-starter-notion-2c5e3d685aa341088d4cd8daca52fcc2"
const DISQUS_SHORTNAME = "agodrich"
addEventListener('fetch', event => {
  event.respondWith(fetchAndApply(event.request))
})
const corsHeaders = {
  "Access-Control-Allow-Origin": "*",