https://www.linuxhosted.com/tags/tls/Recent content in Tls on LinuxHosted.comHugo -- gohugo.ioenLinuxHosted.comTue, 09 Jun 2026 00:00:00 +0000https://www.linuxhosted.com/post/harden-nginx-ubuntu/Tue, 09 Jun 2026 00:00:00 +0000https://www.linuxhosted.com/post/harden-nginx-ubuntu/ <p>Out of the box, Nginx is fast and stable but tells the world more than it should and accepts more abuse than it needs to. It advertises its exact version in every response header, negotiates TLS protocols that should have been retired years ago, and lets a single misbehaving client hammer an expensive endpoint as hard as it likes. None of that requires a rewrite to fix — a handful of directives turns a default install into a server that gives attackers less to work with. This guide hardens Nginx on Ubuntu across four fronts: version disclosure, security headers, TLS policy, and request rate limiting — running <code>nginx -t</code> after every change so a typo never takes the site down.</p>https://www.linuxhosted.com/post/certbot-tls-ubuntu-vps/Mon, 08 Jun 2026 00:00:00 +0000https://www.linuxhosted.com/post/certbot-tls-ubuntu-vps/ <p>There is no longer any reason to serve a website over plain HTTP. A trusted TLS certificate costs nothing, browsers flag sites without one as &quot;Not Secure,&quot; and search engines treat HTTPS as a ranking signal. The piece that used to be painful — issuing, installing, and <em>renewing</em> certificates every ninety days — is now fully automated by <strong>Certbot</strong>, the EFF's Let's Encrypt client. This guide takes an Ubuntu VPS running Nginx from no certificate to a valid, auto-renewing one, and verifies that the renewal will actually fire long before the certificate expires.</p>