Skip to content
This repository was archived by the owner on Oct 25, 2022. It is now read-only.

Configuring HTTPS

Jump to bottom
Haz Æ 41 edited this page Dec 11, 2020 · 5 revisions

Saurus apps use strict HTTPS, you must have trusted certificates for them to work.

This tutorial will help you generate trusted certificates using Let's Encrypt, or use a reverse proxy.

Generate Let's Encrypt certificates (Linux)

This solution is the best if you have a domain name and a dedicated Linux server.

  • Install Certbot

    $ sudo apt install certbot

  • Open port 80 if it is closed

  • Generate certificates

    $ sudo certbot certonly --standalone

  • Follow instructions: enter your email, your domain name, say yes

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/<hostname>/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/<hostname>/privkey.pem

  • Copy your certificates to a ssl folder in your Saurus installation (and do it each time you renew them)

    $ mkdir ssl
$ sudo cp /etc/letsencrypt/live/<hostname>/fullchain.pem ssl
$ sudo cp /etc/letsencrypt/live/<hostname>/privkey.pem ssl

  • Ensure you own and have read permision on ssl

    $ sudo chown -R <username> ssl

  • Try HTTPS with test/https.ts: modify the port if you want (don't forget to open it!)

    $ deno run --allow-net test/https.ts

  • You can now modify your start.ts with the certificates location

    // Example
const saurus = new Saurus({
  port: 8443,
  certFile: "/etc/letsencrypt/live/sunship.tk/fullchain.pem",
  keyFile: "/etc/letsencrypt/live/sunship.tk/privkey.pem",
})

Don't forget to open the port!

Use a reverse proxy

Use this solution if you are using Saurus on your local machine.

Configuring Saurus

Configuring Saurus for HTTP

If your proxy is on the same machine, you can use HTTP safely.

Just don't configure certFile and keyFile in your start.ts:

// Example with HTTP on port 8080
const saurus = new Saurus({ port: 8080 })

Don't forget to open the port!

Configuring Saurus for HTTPS (with Self-Signed certificates)

If your proxy is on another machine, the best solution is to always use HTTPS.

Just enter the certificates location, and redirect your proxy to your machine.

// Example with self-signed certificates
const saurus = new Saurus({
  port: 8443,
  certFile: "./ssl/fullchain.pem",
  keyFile: "./ssl/privkey.pem",
})

Don't forget to open the port!

Clone this wiki locally