ptpb/pb

How to host instance with TLS

Closed this issue · 2 comments

Hosting an instance of pb is really simple using the docker file, however this makes it listen as a normal http server, not https. As far as I could see, there are no options in the docker file to host it with TLS. What's the best practice of doing such?

> What's the best practice of doing such?

Not sure.

> host it with TLS

The ptpb.pw deployment uses nginx for ssl termination, combined with proxy_pass. A previous configuration looked like this:

server {
	listen 443 default_server;
	listen [::]:443 default_server;

	client_max_body_size 64M;

	server_name _;

	ssl    on;
	ssl_certificate    /etc/letsencrypt/live/ptpb.pw/fullchain.pem;
	ssl_certificate_key    /etc/letsencrypt/live/ptpb.pw/privkey.pem;

	location / {
		proxy_pass       http://localhost:6081;
		proxy_set_header Host      $host;
		proxy_set_header X-Forwarded-Proto https;
	}
}

This is a "bare minimum" configuration. I also suggest auto-resty-ssl for automated renewal (in contrast to what is shown in the above config). Maybe if I feel motivated this weekend I'll package this into an all-in-one docker image.

Thanks for the information, appreciated!

Eventually having it as a docker image would certainly be helpful for people with not much experience in setting up hosted systems (like me).

Thanks!
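
An updated form of the nginx configuration from the reply above, added here as an example and not the ptpb.pw deployment's own config: TLS is enabled on the `listen` lines (the `ssl on;` directive is deprecated since nginx 1.15.0), port 80 redirects to HTTPS, and the proxy target is loopback only. The hostname `pb.example.org`, its certificate paths, and the protocol and HSTS settings are assumptions.

```nginx
# Added example. pb.example.org and the certificate paths are placeholders.
#
# Assumption: the pb container's HTTP port is published on loopback only,
# e.g. docker run -p 127.0.0.1:6081:<container-port> ..., so the plain-HTTP
# listener cannot be reached without going through nginx.

# Plain HTTP: redirect everything to HTTPS.
server {
	listen 80;
	listen [::]:80;
	server_name pb.example.org;

	return 301 https://$host$request_uri;
}

# TLS termination in front of pb.
server {
	# "ssl" on the listen line replaces the deprecated "ssl on;" directive.
	listen 443 ssl;
	listen [::]:443 ssl;
	server_name pb.example.org;

	# Upload size limit, as in the original configuration.
	client_max_body_size 64M;

	ssl_certificate     /etc/letsencrypt/live/pb.example.org/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/pb.example.org/privkey.pem;
	ssl_protocols       TLSv1.2 TLSv1.3;

	# Enable HSTS only once HTTPS is confirmed working for this hostname;
	# browsers will refuse plain HTTP for max-age seconds afterwards.
	add_header Strict-Transport-Security "max-age=31536000" always;

	location / {
		# Loopback address rather than "localhost", so the upstream never
		# depends on how the name resolves.
		proxy_pass       http://127.0.0.1:6081;
		proxy_set_header Host              $host;
		# Tells the backend that the client connection was HTTPS.
		proxy_set_header X-Forwarded-Proto https;
	}
}
```

After reloading nginx, `nginx -t` validates the syntax and `curl -I http://pb.example.org/` should return the 301 redirect.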