Problem: Add support for SSL into the installation process and/or docs

[Robbt]

This is another longer-term priority, but it would be a good best practice addition.
I'm not sure the best way to approach the actual SSL certs etc, but it makes sense for us as a project to make it easy enough for people to figure out how to do this without needing to learn how to configure Apache by trial and error.

[hairmare]

Internal comms (to the DB, RabbitMQ, ...) should be encrypted using TLS as well. For public certs we should point folks to letsencrypt. Adding a security page to the docs that explains how to get up and running with letsencrypt should be easy :) I also see us adding more details concerning security to the preparing the server docs.

[geftactics]

Maybe https://certbot.eff.org could be intergrated an optional part of the setup process?

[HammyHavoc]

@Robbt, I feel it's an absolute necessity in 2018 to be using SSL, considering mainstream browsers are soon going to be making a big deal out of inputting information into any website that isn't using it.

Seconding @squiggleuk's suggestion of Let's Encrypt. It's worked well for RocketChat.

[Robbt]

Totally agree that this should be a priority.

[mepholic]

I set up LetsEncrypt on a LibreTime instance recently and it was relatively straightforward. I think we should do this as a default for SSL, and leave the configuration of custom SSL certs up to the system administrator if they'd like to go that route. I can look in to this soon.

[Robbt]

I agree. Do you want to document what you needed to do to set it up. We can probably integrate it into the installer as well for internet accessible domains.

[gusaus]

Thanks again @mepholic for taking this on! Can you assign yourself this task (or is that something @Robbt or another admin can do)?

[zklosko]

@geftactics Certbot is definitely the way to go. 👍 I can add a guide sometime this week.

[zklosko]

This was fixed by PR #1030 and can be closed