Splitting the Site

2018-07-02

I didn't ever really intend to do this, but I've now created two subdomains (code and photo) which are using modified code to provide more automatic layouts for stuff I put up on here.

Hopefully it's pretty obvious what the sites are about from the title, but just in case it's not, the main domain will remain the place where I put up blog-style posts, primarily about Linux / scripting.

The code site will be specifically for keeping my project files up to date so you can view the code without needing to download and without needing to go to GitHub. I still need to add a way of downloading a .gz of the code. But I've already added a few new projects there and most importantly bashlib is now *finally* home.

The photo site will be specifically for any of my photography projects, which currently has the NGTE photos on it (https://photo.maydn.org/NGTE%20Pyestock%20Exploration/). I will get some of my other work up on there in the near future as well (my Icelandic set has some really good ones in it).

I also don't know if I'm keeping the icon bar (either vertically on desktop, or horizontally on mobile) yet, I somehow both love and hate it. But the rest of the site(s) design should be final now.

The last bit of news is that I've added a style switcher, both to the icon menu and in the footer, which allows you to change between light and dark themes. This uses sessions but not cookies, so it only lasts as long as your browser session and it only stores which theme you are using, no other information is kept by me. It should keep your current page location as well, though the anchor will be lost (not a lot I can do about that, as anchors aren't passed to the server).

Update 2018-07-03: I've also finally fixed my Apache config and SSL Labs are reporting 100% on all 4 results:

SSL Labs Results

The key points to increasing this rating were the ciphers and changing the DH curve to a stronger default (the DH key also needs to be 4096-bit). I've also disabled TLSv1 (which I'd had enabled for a few legacy browsers).

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1.1 -TLSv1
SSLHonorCipherOrder on
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
SSLCompression off
SSLSessionTickets Off
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
SSLOpenSSLConfCmd ECDHParameters Automatic
SSLOpenSSLConfCmd Curves secp521r1:secp384r1
SSLCipherSuite AES256+EECDH:!aNULL
SSLCertificateFile /etc/ssl/certs/apache.pem
SSLCertificateKeyFile /etc/ssl/private/apache.pem
SSLStrictSNIVHostCheck off
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

OCSP stapling needs to be enabled on the server globally rather than per host, so you'd need to enable it and specify the cache outside the VirtualHost.

SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
SSLStaplingResponseMaxAge 900
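
An added example, not part of the original post or the site's own tooling: a small Python check for the stapling placement described above. It flags `SSLStaplingCache` inside a `<VirtualHost>` block and `SSLUseStapling on` with no server-level cache; the sample configs are constructed, and `Include` files and line continuations are not followed.

```python
import re

# Constructed sample: cache directive wrongly placed inside the vhost.
SAMPLE_BAD = """\
<VirtualHost *:443>
    SSLEngine on
    SSLUseStapling on
    SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
</VirtualHost>
"""

# Constructed sample: stapling set globally, TLS settings per host.
SAMPLE_GOOD = """\
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
<VirtualHost *:443>
    SSLEngine on
</VirtualHost>
"""

def check_stapling(conf_text):
    """Return sorted (line_no, message) findings about OCSP stapling placement."""
    findings, stapling_on = [], []
    in_vhost = global_cache = False
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            in_vhost = True
        elif re.match(r"</VirtualHost\s*>", line, re.I):
            in_vhost = False
        else:
            parts = line.split(None, 1) + [""]
            name, arg = parts[0].lower(), parts[1].strip().lower()
            if name == "sslstaplingcache":
                if in_vhost:
                    findings.append((no, "SSLStaplingCache inside <VirtualHost>: move to server level"))
                else:
                    global_cache = True
            elif name == "sslusestapling" and arg == "on":
                stapling_on.append(no)
    if not global_cache:
        findings += [(n, "SSLUseStapling on but no server-level SSLStaplingCache") for n in stapling_on]
    return sorted(findings)

if __name__ == "__main__":
    for label, conf in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(label, check_stapling(conf) or "OK")
```

Run it against the assembled config before reloading Apache; `apachectl configtest` remains the authoritative syntax check.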