
Let’s Encrypt is a brand new automated SSL certificate authority. Because it’s free, it’s opening the doors to an exciting new era of secure servers and technologies. Laravel Forge was recently updated to allow one-click installation of Let’s Encrypt certificates. It is now easier than ever to have your own SSL!

Let’s take a few extra minutes to optimize your server and help it perform faster and be more secure. In this tutorial we will look at using SSL session caching, HTTP Strict Transport Security (HSTS), and Hypertext Transfer Protocol 2 (HTTP/2).

Prerequisites

  • A Forge-managed server.
  • A site running under SSL.
  • nginx 1.9.5 or higher for HTTP/2 (everything else should work on older versions).

Considerations

Multiple HTTPS sites on a single IP address will cause nginx to use SNI (Server Name Indication) to establish an SSL connection. Internet Explorer 8 and below on Windows XP, as well as Android 2.3.7, don’t support SNI. They will most likely report a broken certificate, or may not be able to connect at all. This is only something to worry about if you need to support old browsers.

SSL Logjam Fix

Forge now includes a recipe to apply the Diffie-Hellman Logjam vulnerability patch. Run that against the server in question before performing the following steps.

Run the Logjam Patch on Forge

SSL Optimizations

Enabling SSL can slow down your site’s load times, especially if you serve many files. Each request incurs the overhead of SSL negotiation before a response is issued. Setting up SSL session caching removes that renegotiation for each request until the cached session expires.

Using an optimized cipher suite will further harden our security configuration. This addresses both browser compatibility and cipher blacklists.

We will also enable Online Certificate Status Protocol (OCSP) stapling. The server will cache the revocation status of the SSL certificate and send it along with the handshake. This removes the need for each client to query the certificate authority every time.

All these settings are best set up as a recipe in Laravel Forge. You can then run it easily against any of your servers:

SSL Optimization Recipe

Here is the script depicted above:

> **Note:** adding this recipe to a server will not affect the non-SSL-secured websites on your server.

HTTP Strict Transport Security (HSTS)

> HSTS is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol.
> Wikipedia

Enabling HSTS gives us all of its benefits in browsers that support it, and it won’t affect browsers that don’t.

Let’s get to it. For this we need to edit your site’s nginx configuration file. You can get to it using the Edit Files drop-down on your site screen in Laravel Forge:

Edit Files

Add the following line to your server block:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

Note: some tutorials include a trailing “always” keyword. But that isn’t the correct usage of the directive in this case. The header does not need to be in every response. Instead, the browser will determine the correct handling of the HSTS header once it sees it.

HTTP/2

This is by far the simplest step. In your site’s nginx configuration file, add “http2” to the end of the listen line for the server block:

listen 443 ssl http2;

Note: Do not add this to the non-SSL server block listening on port 80.
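The following server block is an added example (not the Forge recipe or the article’s own configuration) that combines the settings discussed above: session caching, a restricted cipher suite, the DH parameters from the Logjam fix, OCSP stapling, the HSTS header and the HTTP/2 listener. The domain, file paths and resolver addresses are placeholders.

```nginx
# Added example: an HTTPS server block combining the settings from the article.
# Domain, paths and resolver addresses are placeholders, not values from the article.
server {
    listen 443 ssl http2;          # "http2" belongs only on the TLS listener, never on port 80
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com/privkey.pem;     # placeholder path

    # Session caching: skip the full handshake on repeat requests until the session expires.
    ssl_session_cache   shared:SSL:10m;   # roughly 40,000 sessions per 10 MB, shared by all workers
    ssl_session_timeout 10m;

    # Protocol and cipher hardening: forward-secret ECDHE suites with AEAD ciphers only.
    # Add TLSv1.3 here on nginx 1.13+ built against OpenSSL 1.1.1; older nginx rejects the value.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';

    # Strong DH parameters (the Logjam fix). Generate with:
    #   openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;   # placeholder path

    # OCSP stapling: nginx fetches and caches the certificate's revocation status and
    # staples it into the handshake, so clients do not have to contact the CA themselves.
    ssl_stapling on;
    ssl_stapling_verify on;                                          # verify the stapled response
    ssl_trusted_certificate /etc/nginx/ssl/example.com/chain.pem;   # issuer chain, placeholder path
    resolver 1.1.1.1 8.8.8.8 valid=300s;   # any reachable DNS resolver; needed to find the OCSP responder
    resolver_timeout 5s;

    # HSTS: one year, covering subdomains, as in the article. Note that a location block
    # with its own add_header directives does NOT inherit this one; repeat it there if needed.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    root  /var/www/example.com/public;   # placeholder path
    index index.html;
}
```

Run `nginx -t` before reloading so a typo in the cipher string or a wrong path is caught without taking the site down.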

Wrapping Things Up

All that’s left now is to reload nginx and test your server’s SSL configuration.

Restarting nginx in Laravel Forge

Next, head to SSL Labs and test your certificate. You should now be sporting a solid “A+”! Congratulations on making the internet a faster and safer place! If you visit your site now, you should notice a substantial speed increase compared to before.

SSL Labs Test Result

Source: https://laravel-news.com/optimizing-ssl-laravel-forge