This isn't about Drummer per se, but would be a possible path for Drummer itself to run under HTTPS
Caddy is a very easy way to implement HTTPS for your PagePark domains. It is a web server that can do automatic HTTPS, automatically provisioning TLS certificates (from Let's Encrypt) for a domain and keeping them renewed. It can even obtain TLS certificates on demand for your PagePark domains, without having to configure the domains in Caddy.
Here is an example of setting up Caddy on an existing PagePark installation on a Digital Ocean server running Ubuntu (assuming you have domains in your domains folder and have mapped port 80 to PagePark using iptables as in the instructions).
- Install the official Caddy package for Ubuntu per their instructions. This automatically starts and runs Caddy as a systemd service.
- Open the Caddy configuration file in the nano editor with
sudo nano /etc/caddy/Caddyfile
- Replace the entire contents with:
{
	on_demand_tls {
		ask http://localhost:1339/isdomainvalid
		interval 2m
		burst 5
	}
}
https:// {
	tls {
		on_demand
	}
	reverse_proxy localhost:1339
}
- Restart the Caddy service with
sudo service caddy restart
- Test HTTPS for one of your domains in the terminal with curl, e.g.
curl https://www.example.com
The first time it will take several seconds for Caddy to request and obtain a certificate. It may even fail the first time, but then try again. The content of the index page of your domain should be printed to the terminal. That means it works!
This configuration means that both HTTP (over iptables) and HTTPS (over Caddy) will work for your domains!
If you have not mapped port 80 to PagePark, the configuration above will also listen on port 80 and redirect HTTP requests to HTTPS.
If you'd rather not redirect port 80, you can add a section for HTTP and disable redirects like this:
{
	auto_https disable_redirects
	on_demand_tls {
		ask http://localhost:1339/isdomainvalid
		interval 2m
		burst 5
	}
}
http:// {
	reverse_proxy localhost:1339
}
https:// {
	tls {
		on_demand
	}
	reverse_proxy localhost:1339
}
To delete an iptables rule you have to know the rule number. You can list the nat rules with
sudo iptables -t nat -v -L -n --line-number
The output will look something like this:
The number in front of the rule is the rule number. To delete these two rules, we need two commands
sudo iptables -t nat -D PREROUTING 1
sudo iptables -t nat -D OUTPUT 1
(changing the 1 at the end if your rule number is different).
The on_demand_tls settings (ask, interval and burst) are there for security. They limit certificate requests to only domains configured in PagePark, and limit the rate of those requests. Otherwise an attacker can bombard your server with certificate requests for domains you don't even serve.
Domains that are not explicitly in the domains directory will not get certificates automatically. You can check the Caddy documentation for adding domains explicitly to the Caddy configuration.