Guest wifi in the Community Centre

We’ve finished up our resiliency and soft-launch testing, and we’re finally happy to roll out guest wifi in the Community Centre! If you’re visiting us, point your phone’s camera at one of our wifi QR Code posters to get connected, or manually enter the network details.

Getting technical with Raspberry Pi, Omada, SMTP and HTTPS

We did a load of stuff with our network controller, and we wrote a whole blog post about it.

Securing the printer

Flush with the success of getting the Omada controller to use an HTTPS certificate, we went and issued one for our office printer as well. We regularly interact with this over its webserver to check up on print jobs, so by adding its own dedicated name and certificate we manage to reduce the amount of scary entering of IP addresses people need to do and reduce the number of scary warnings which people get about viewing an insecure web page.

The printer continues to be accessible only from our internal network, and is nicely fenced off from the guest wifi as well.

Tightening up our website security

Continuing on the theme of better HTTPS, we’ve adjusted some settings on our edge proxy (the bit which sits between our servers and the rest of the internet) to demand higher levels of security from browsers viewing our website. This has brought our grade using the Qualys SSL Server Test from a B to an A+.

Here’s the short rundown of things we’ve changed:

  • We’ve moved our minimum version of TLS from 1.0 to 1.2, which means you can no longer connect using the deprecated 1.0 and 1.1.
  • We’ve switched on HSTS for, so browsers visiting our website are now explicitly told to only ever visit using HTTPS.
  • We’ve added CAA records to our DNS, explicitly stating which certificate authorities we trust to issue certificates for us.