The Internet Society's Open Standards Everywhere Project

This repository contains documentation for the Internet Society's 2020 Open Standards Everywhere project with the goal of helping people create more secure web servers using the latest open standards.

Documentation

The following documents were created as part of the project. The documentation has been developed and verified on our reference servers running Debian 10.2 and either Apache 2.4.38 or NGINX 1.14.2. We use certbot 0.31.0 for Let's Encrypt certificates.

Introduction

IPv6

DNSSEC

How to configure DNSSEC for your apache or NGINX web server

TLS 1.3 using Let's Encrypt

TLS - How to disable TLS 1.0 and 1.1

TLS - HSTS

TLS - Cipher Order

TLS - HTTP security headers

HTTP/2

Servers

For the 2020 Open Standards Everywhere (OSE) project, we built four reference servers so that you could use them for tests to see what "good" looks like:

All of these servers are being configured to achieve 100% on the Internet.nl website test suite and to pass the http2.pro HTTP/2 test.

Two of the servers are set up as "regular" web servers running in virtual machines. Two of the servers are set up behind a content delivery network (CDN).

Providing feedback

If you find any errors in the documentation, or have additional suggestions, please open a new issue here on GitHub so that we can respond. If you do not use GitHub and do not wish to create a free GitHub account, you can email project lead Dan York.

Questions?

If you have questions about this project, please contact project lead Dan York, either here on Github (@danyork) or at york@isoc.org

About

Documentation for the Internet Society's Open Standards Everywhere project