My goals for my website
NCSU provides students, faculty, and staff with an easy way to set up a personal website under their www4 subdomain, and I have taken advantage of this for years. Recently, I decided that my plain html page could use a facelift, and along with that, I wanted to take more control over my web presence and move off of NCSU's servers. I decided to start from scratch — other than using a freely available webpage template — and use this also as a learning experience. I wanted to be able to choose my operating system, server software, etc. I decided to go with a VPS (Virtual Private Server) since it was affordable and gave me the most control, while still providing better uptime than hosting on my own equipment.
One of the main ideas that influenced my choices in the configuration of this site was the idea that anyone who serves web content has a responsibility to contribute to the overall security of the internet. Anything you do on an insecure connection (HTTP) can be seen by anyone sharing your network (others connected to the same router, your ISP, anyone connected to their network). Insecure connections also make MITM attacks much easier. To do my tiny part for the health of the internet, I wanted to do my best with these considerations in mind. For me, this meant implementing the following:
- Default HTTPS access to my site, using valid SSL certificates, and using a header to let your browser know to access through HTTPS when you visit again (HSTS). This means more privacy for you since your computer's interaction with my website is encrypted.
- Restricting the protocols and ciphers that are used in the encrypted communication between your browser and my server (this comes at the expense of not supporting some old browsers). This means that the encryption that is being used is as strong and secure as reasonably possible.
- Allowing you to validate my chosen SSL certificates using DNSSEC and appropriate TLSA DNS entries (DANE). This means that you can be confident that your computer is communicating with my actual website and that what you see here is what I intended. To view this information in Firefox, I use DNSSEC/TLSA Validator.
One last goal I have that I've yet to implement is a way for visitors to comment on entries that I post here. To stay in-line with my goals, I want something entirely hosted on my own server that will be secure and protect your privacy, while allowing me to moderate and protect from spam. My current plan is to do this using Commentics (it seems like it may require care to work with HTTPS), but if anyone has any recommendations, let me know through the contact form on my main page.
The main thing I've learned through all of this is that taking responsibility for your own online security, as well as that of the visitors to whom you serve content, can be an intimidating task, but not out-of-reach of someone willing to put in a little bit of effort. I hope you enjoy my new site!
P.S. After all was said and done, this is what Firefox looks like when I browse to my site: