From 1cdef7184595666a18499e1a55b24af467b3995d Mon Sep 17 00:00:00 2001 From: Brian Cunnie Date: Sun, 30 Aug 2015 10:27:54 -0700 Subject: [PATCH] Beautified everything, again wrapping is a pain--I needed to reflow and then beautify --- .jsbeautifyrc | 10 +++ document_root/about.html | 52 +++++++------- document_root/faq.html | 145 +++++++++++++++++++++++---------------- document_root/index.html | 140 +++++++++++++++++++------------------ 4 files changed, 194 insertions(+), 153 deletions(-) create mode 100644 .jsbeautifyrc diff --git a/.jsbeautifyrc b/.jsbeautifyrc new file mode 100644 index 0000000..4ebf29e --- /dev/null +++ b/.jsbeautifyrc @@ -0,0 +1,10 @@ +{ + "html": { + "unformatted": ["a", "sub", "sup", "b", "i", "u", "pre"], + "wrap_line_length": 60, + "wrap_attributes": "auto", + "beautifyEntireFileOnSave": true, +// "preserve_newlines": false, + "indent_size": 2 + } +} diff --git a/document_root/about.html b/document_root/about.html index 141425d..dbb3e9b 100644 --- a/document_root/about.html +++ b/document_root/about.html @@ -1,26 +1,23 @@ - - - - + + About sslip.io - + - - - -
-

About sslip.io

-

Tyler Schultz, Alvaro Perez Shirley, and Brian Cunnie created sslip.io on Tuesday August 11, 2015 during a Pivotal Software-sponsored - Hack Day. Thanks Pivotal!

-

Sam Stephenson built xip.io, upon which much of our code is based. He also suggested the name sslip.io.

-

Justin Smith advised us on the security implications of releasing an SSL certificate and key to the general public.

+

Tyler Schultz, + Alvaro Perez Shirley, + and Brian Cunnie created sslip.io on Tuesday August 11, 2015 during a + Pivotal Software-sponsored Hack Day. Thanks Pivotal!

+

Sam Stephenson built xip.io, upon which + much of our code is based. He also suggested the name + sslip.io.

+

Justin Smith advised us on the security implications of releasing + an SSL certificate and key to the general public.

@@ -70,7 +70,6 @@ come first in the head; any other head content must come *after* these tags -->
- @@ -83,20 +82,21 @@ come first in the head; any other head content must come *after* these tags --> - + diff --git a/document_root/faq.html b/document_root/faq.html index a5cd629..8b99f33 100644 --- a/document_root/faq.html +++ b/document_root/faq.html @@ -1,5 +1,4 @@ - @@ -9,7 +8,6 @@ initial-scale=1"> - sslip.io FAQ @@ -18,10 +16,8 @@ other head content must come *after* these tags --> - - - -
-

FAQ

Do I have to pay to use this service?

No, it's free.

Can I use this certificate on my commerce website?

-

Although there's no technical reason why you couldn't use the sslip.io SSL key and certificate for your commerce web, we strongly recommend against it: the key is publicly available; your traffic isn't secure. sslip.io's primary purpose is - to assist developers who need to test against valid SSL certs, not to safeguard content.

-

My webserver wants a certificate and an "intermediate certificate chain"—where do I get that? -

-

Certain web servers (e.g. Tenable's Nessus scanner) prefer to split the chained certificate file (which has three concatenated certificates) - into two files: one file containing a single certificate for the server itself (e.g. the "*.sslip.io" certificate), and a second file containing the intermediate certificate authorities (e.g. the two COMODO certificate authorities).

-

You can split the chained certificate file by hand, or you can download them, pre-split, from GitHub: -

+

Although there's no technical reason why you couldn't use + the sslip.io SSL key and certificate for your commerce + web, we strongly recommend against it: the key + is publicly available; your traffic isn't secure. sslip.io's + primary purpose is to assist developers who need to test + against valid SSL certs, not to safeguard content.

+

My webserver wants a certificate and an "intermediate certificate + chain"—where do I get that?

+

Certain web servers (e.g. Tenable's Nessus scanner) prefer to split the chained certificate file + (which has three concatenated certificates) into two + files: one file containing a single certificate for the + server itself (e.g. the "*.sslip.io" certificate), and + a second file containing the intermediate certificate + authorities (e.g. the two COMODO certificate authorities).

+

You can split the chained certificate file by hand, or + you can download them, pre-split, from GitHub:

    -
  • the server certificate ("*.sslip.io") -
    • -
  • the intermedicate certificate chain (the COMODO CAs)
    • +
  • the server certificate ("*.sslip.io")
    • +
  • the intermedicate certificate chain (the COMODO CAs)
-

Why can't I use dots in my hostname? xip.io lets me use dots. -

-

You can't have dots, but you can have dashes: for example, "www-sf-ca-us-10-9-9-142.sslip.io" will work with sslip.io's wildcard SSL certificate, but "www.sf.ca.us.10.9.9.142.sslip.io" will not. This is a technical limitation of wildcard certs and the manner in which browsers treat them (read more here). This restricts sslip.io's usage model. For example, it won't work properly with Cloud Foundry's app domain or system domain. -

Can you make the hostnames easier to remember? I'm being force to memorize IP addresses.

-

Unfortunately, no. We appreciate that "52-0-56-137.sslip.io" is not an easy-to-remember hostname, whereas - something along the lines of - "aws-server.sslip.io" would be much simpler, but we don't see an easy solution—we need to be - able to extract the IP address from the hostname in order for our DNS nameserver to reply with the proper - address when queried.

-

Do you have support for IPv6-style addresses?

-

Not yet, but if there's enough demand for it we might try implementing it.

-

Why did you choose a 4096-bit key instead of a 2048-bit key?

-

We couldn't help ourselves—when it comes to keys, longer is better. In retrospect there were flaws in our thinking: certain hardware devices, e.g. YubiKeys, only support keys of length 2048 bits or less. Also, there was no technical value - in making a long key—it's publicly available on GitHub, so a zero-bit key would have been equally secure.

-

Do I have to use the sslip.io domain? I'd rather have a valid cert for my domain.

-

If you want valid SSL certificate, and you don't want to use the sslip.io domain, then you'll need to purchase a certificate for your domain. We purchased ours from Cheap SSL Shop, but use a vendor with - whom you're comfortable.

-

What is the sslip.io certificate chain? -

-

The sslip.io certificate chain is the series of certificates, each signing the next, with a root certificate at the top. It looks like the following:

-
-
-
-

-

Note that the "root" certificate is "AddTrust's External CA Root", which issued a certificate to the "COMODO RSA Certification Authority", which in turn issued a certificate to the "COMODO RSA Domain Validation Secure Server CA" which in turn issued - our certificate, "*.sslip.io".

-

How is "sslip.io" pronounced?

-

ESS-ESS-ELL-EYE-PEE-DOT-EYE-OH

-

Where do I report bugs? I think I found one.

-

Open an issue on GitHub; we're tracking our issues there.

-

There's a typo/mistake on the sslip.io website. -

-

Thanks! We love pull requests.

-
+

Why can't I use dots in my hostname? xip.io lets me use + dots.

+

You can't have dots, but you can have dashes: for example, + "www-sf-ca-us-10-9-9-142.sslip.io" will work with sslip.io's + wildcard SSL certificate, but "www.sf.ca.us.10.9.9.142.sslip.io" + will not. This is a technical limitation of wildcard + certs and the manner in which browsers treat them (read + more here). + This restricts sslip.io's usage model. For example, it + won't work properly with Cloud Foundry's app domain or + system domain. +

Can you make the hostnames easier to remember? I'm being + force to memorize IP addresses.

+

Unfortunately, no. We appreciate that "52-0-56-137.sslip.io" + is not an easy-to-remember hostname, whereas something + along the lines of "aws-server.sslip.io" would be much + simpler, but we don't see an easy solution—we + need to be able to extract the IP address from the + hostname in order for our DNS nameserver to reply with + the proper address when queried.

+

Do you have support for IPv6-style addresses?

+

Not yet, but if there's enough demand for it we might + try implementing it.

+

Why did you choose a 4096-bit key instead of a 2048-bit + key?

+

We couldn't help ourselves—when it comes to keys, + longer is better. In retrospect there were flaws in + our thinking: certain hardware devices, e.g. YubiKeys, + only support keys of length 2048 bits or less. Also, + there was no technical value in making a long key—it's + publicly available on GitHub, so a zero-bit key would + have been equally secure.

+

Do I have to use the sslip.io domain? I'd rather have + a valid cert for my domain.

+

If you want valid SSL certificate, and you don't want + to use the sslip.io domain, then you'll need to purchase + a certificate for your domain. We purchased ours from + Cheap SSL Shop, + but use a vendor with whom you're comfortable.

+

What is the sslip.io certificate chain?

+

The sslip.io certificate chain is the series of certificates, + each signing the next, with a root certificate at the + top. It looks like the following:

+
+
+

-
-

© 2015 Brian Cunnie, Pivotal Software -

+

Note that the "root" certificate is "AddTrust's External + CA Root", which issued a certificate to the "COMODO + RSA Certification Authority", which in turn issued + a certificate to the "COMODO RSA Domain Validation + Secure Server CA" which in turn issued our certificate, + "*.sslip.io".

+

How is "sslip.io" pronounced?

+

ESS-ESS-ELL-EYE-PEE-DOT-EYE-OH

+

Where do I report bugs? I think I found one.

+

Open an issue on GitHub; + we're tracking our issues there.

+

There's a typo/mistake on the sslip.io website.

+

Thanks! We love pull requests.

+
+

+
+

© 2015 Brian Cunnie, Pivotal Software

- @@ -138,14 +164,13 @@ other head content must come *after* these tags --> i[r] = i[r] || function() { (i[r].q = i[r].q || []).push(arguments) }, i[r].l = 1 * new Date(); - a = s.createElement(o), m = - s.getElementsByTagName(o)[0]; + a = s.createElement(o), m = s.getElementsByTagName( + o)[0]; a.async = 1; a.src = g; m.parentNode.insertBefore(a, m) })(window, document, 'script', '//www.google-analytics.com/analytics.js', 'ga'); - ga('create', 'UA-43107212-2', 'auto'); ga('send', 'pageview'); diff --git a/document_root/index.html b/document_root/index.html index f1fe2f7..623fe60 100644 --- a/document_root/index.html +++ b/document_root/index.html @@ -1,45 +1,41 @@ - - - - + + Welcome to sslip.io +compiled and minified CSS --> - - + - - - - + + + - -
-

sslip.io

Turn your red lock into a green lock!


- -
+

- -
+

What is it?

-

sslip.io is a means for developers to test against valid SSL certificates - without the bother of purchasing them. Two components make this possible:

+

sslip.io is a means for developers to test against + valid SSL certificates without the bother of purchasing + them. Two components make this possible:

    -
  1. a special DNS backend that maps crafted hostnames to IP addresses - (e.g. 192-168-0-1.sslip.io resolves to 192.168.0.1) (similar to xip.io)
    2. -
  2. a wildcard SSL certificate for *.sslip.io and the corresponding key, both downloadable - from GitHub
    3. +
  3. a special DNS backend that maps crafted hostnames to + IP addresses (e.g. 192-168-0-1.sslip.io resolves + to 192.168.0.1) (similar to xip.io)
    4. +
  4. a wildcard SSL certificate for *.sslip.io and the corresponding + key, both downloadable from GitHub

A developer can install the certificate and key on the - server, configure the server's name to its sslip.io fully-qualified domain name, - (FQDN, e.g. 52-0-56-137.sslip.io), at which point anyone can - browse the server using the sslip.io FQDN via HTTPS and receive a valid - SSL connection (green lock). All in a matter of seconds.

-

How do I use it? -

-

First, find your server's IP address to determine its sslip.io hostname

-

Your server's sslip.io hostname is a mash-up of your server's IP address and the sslip.io domain. Here are some examples:

+ server, modify the server's configuration and restart + the daemon, at which point anyone can browse the server + using the sslip.io hostname (e.g. 52-0-56-137.sslip.io) + via HTTPS and receive a valid SSL connection (green lock). + All in a matter of seconds.

+

How do I use it?

+

First, find your server's IP address to determine its sslip.io + hostname

+

Your server's sslip.io hostname is a mash-up of your server's + IP address and the sslip.io domain. Here are some + examples:

@@ -113,27 +110,35 @@ come first in the head; any other head content must come *after* these tags -->
Server's IP Address

- -

Note that in the last two examples we prepended additional information to the hostname, i.e. "www-" and "console-", respectively. This allows sslip.io to work with name-based +

Note that in the last two examples we prepended additional + information to the hostname, i.e. "www-" and "console-", + respectively. This allows sslip.io to work with name-based virtual hosting.

- -

Second, download sslip.io's SSL certificate and key from GitHub

-

Download the SSL key (sslip.io.key.pem) and wildcard SSL certificate chain (sslip.io.chained.crt.pem) - from GitHub. You may use curl if you prefer the command line:

- 
+      
Second, download sslip.io's SSL certificate and key from
+        GitHub

+      
Download the SSL key (sslip.io.key.pem)
+        and wildcard SSL certificate chain (sslip.io.chained.crt.pem)
+        from GitHub. You may use curl if you prefer the
+        command line:
 
 curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/master/ssl/sslip.io.key.pem
 curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/master/ssl/sslip.io.chained.crt.pem

-      
Third, configure the webserver with your sslip.io hostname, SSL certificate, and SSL key

-      
Configure your webserver. Set the server name to sslip.io hostname, and configure the SSL portion to use the key and certificate downloaded from GitHub. Here is a sample from sslip.io's webserver's nginx.conf (modified for clarity):

-      
+      
Third, configure the webserver with the SSL certificate
+        & key

+      
Configure the server's configuration file's SSL portion
+        to use the SSL certificate & key downloaded from
+        GitHub. Here is a sample from sslip.io's webserver's
+        nginx.conf (modified for clarity):
 
 server {
-  server_name         52-0-56-137.sslip.io;
   listen              443 ssl;
   ssl_certificate     /etc/ssl/sslip.io.chained.crt.pem;
   ssl_certificate_key /etc/ssl/sslip.io.key.pem;

-      
Finally, restart your webserver and browse to its sslip.io address via HTTPS

-      
Browse to your webserver's sslip.io hostname, e.g. https://52-0-56-137.sslip.io (assuming that 52.0.56.137 is the IP address of your webserver, which it isn't because that's
-the IP address of our webserver). Admire the beautiful green lock in your browser's address bar.

+      
Finally, restart your webserver and browse to its sslip.io
+        address via HTTPS

+      
Browse to your webserver's sslip.io hostname, e.g. https://52-0-56-137.sslip.io        (assuming that 52.0.56.137 is the IP address of your
+        webserver, which it isn't because that's the IP address
+        of our webserver). Admire the beautiful green
+        lock in your browser's address bar.

       

         

       

@@ -141,33 +146,34 @@ the IP address of our webserver). Admire the beautiful green lock in your
     
   
   
-
-  
   
+Bootstrap core JavaScript ================================================== -->
+  
   
+(necessary for Bootstrap's JavaScript plugins) -->
   
   
+Latest compiled and minified JavaScript -->
   
   
+IE10 viewport hack for Surface/desktop Windows 8 bug -->
   
-  
+