Let's be a Raspberry Pi Noob


#1

I am hoping to set up a small personal web server, for myself and other family members, using a Raspberry Pi 2, to take back ownership from companies like Facebook and Google. Obviously low-cost is key, and that’s why Let’s Encrypt seems like it should be part of my solution. I don’t want to sacrifice secure communication, in 2015, where HTTPS is expected.

I am a total noob and have not run any sort of server before. I’ve installed Raspbian Jessie and lighttpd, which I believe I can configure to serve two apparently separate personal websites (for example, abc.net and xyz.com) served by the Pi on the same IP address.

I’ll use either the Pi or my DD-WRT Router to dynamically keep DNS up-to-date regarding my IP address (the Router and various dynamic DNS services seem limited to only one domain name … is this really so unusual? How can I be the only person who wants this?).

The piece I’m missing is SSL certificates. I don’t even care if they “prove” that my sites are who they say they are. That’s not the point. We’re not businesses. I just want communication standards appropriate to this century.

But it seems like I need to have a client or a plugin or something, which I don’t understand, nor does there appear to be one suitable for lighttpd. Do I really need to install a program, or is there a way to just install the certificates?


#2

I’m no expert on lighttpd; but if you don’t mind the warning, you can just use self-signed; a quick google will help you there : http://www.cyberciti.biz/tips/howto-lighttpd-create-self-signed-ssl-certificates.html
Unlike all the warnings you and the visitors get, I believe its more safe then the http version !

If you wait a few more weeks (November) you can just use letsencrypt and get a “valid” certificate using this : https://letsencrypt.org/howitworks


#3

Yes, but you should still check the hash of the certificate. But as create the cert by yourself this should not be a problem.


#4

IMHO it’s quite unusual indeed. However you could do two things (although that’s a bit off-topic now as it has nothing to do with HTTPS/Let’S Encrypt/…:

  1. Use two DynDNS services which obviously server two domains or use one and register two times.
    Ovbiously you have to update two DynDNS services/accounts in this case. I don’t know how to do that or if it is even possibly, but theoretically that’s a way to go.
  2. Just use a subdomain of your DynDNS service, so e.g. mydyndns.dyndns.example would be your main domain and addsite.mydyndns.dyndns.example another one)

#5

Hi,

Not sure if this will help but I’m running a web server on a Pi2 with two sub-domains and a third on another server when I can get Proxypass to work properly using:-

Rasbian
Apache2
with sites
example.com
www.example.com
blog.example.com
zm.example.com

All point to the same IP address and are served using apache2 virtual hosts. You need to set up CNAME records with your domain name registrar for the sub-domains (should be free?)

LetsEncrypt certs work perfectly with Apache2 virtual hosts.

Hope that helps??
Steve