Enable HTTPS for your domains in 5 minutes & for free!

For a while, I’ve been thinking about encryption domains, like this one. But cost & complications associated with enabling SSL encryption prohibited me to do so…
Today, I’ve realised, Let’s encrypt, new certificate authority, that is completely free, automated and open, makes SSL encryption super easy!
Try it yourself (this if for Ubuntu 14.04 & Apache, for another system configuration check https://certbot.eff.org/):

sudo apt-get install git

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt
sudo ./letsencrypt-auto --apache -d DOMAIN1 -d DOMAIN2

# setup weekly cron autorenewal on Monday at 2:30
sudo crontab -e
# and paste `30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log`

If you wish to redirect all traffic domain through HTTPS, do following:

# enable mod_rewrite engine in apache2
sudo a2enmod rewrite

# add to your apache conf file
    # redirect to HTTPS
    RewriteEngine on
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} ^YOUR_DOMAIN\.COM*
    RewriteRule ^(.*)$ https://YOUR_DOMAIN.COM/$1 [L,R=301]

# reload apache2 configuration
sudo service apache2 reload

Voilà!

Inspired by digitalocean.
Thanks to @sheebang for underlining the importance of renewing the certificates!

Encrypted swapfile

Sometimes, it’s worth to encrypt swap space, especially if you process some privacy-sensitive data.

# install cryptsetup
sudo apt-get install cryptsetup
 
# generate swap
sudo truncate -s 1GB /cryptswap
sudo mkswap /cryptswap
 
# add to /etc/crypttab
cryptswap /cryptswap /dev/urandom swap
 
# add to /etc/fstab
/dev/mapper/cryptswap none swap sw 0 0
 
# activate encryption and swap
sudo /etc/init.d/cryptdisks reload && sudo swapon -a

Inspired by AskUbuntu.