Update https.md #244
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,24 +7,33 @@ description: Easily configure The Lounge to be served over HTTPS for better secu | |
In this guide, we will see how to easily configure The Lounge to be served over [HTTPS](https://en.wikipedia.org/wiki/HTTPS) for better security and privacy. | ||
|
||
{: .alert.alert-warning role="alert"} | ||
The Lounge only has basic HTTPS support, and will need to be manually restarted to reload certificates on renewal. For advanced HTTPS support, consider [using a reverse proxy](/docs/guides/reverse-proxies). | ||
The Lounge only has basic HTTPS support. | ||
|
||
First, you need an HTTPS certificate. [Let's Encrypt](https://letsencrypt.org/) is a free, automated, and open Certificate Authority that provides completely free HTTPS certificates. | ||
First, you need an HTTPS certificate and a domain. Make sure your domain's A record pointing to your server's IP. [Let's Encrypt](https://letsencrypt.org/) is a free, automated, and open Certificate Authority that provides completely free HTTPS certificates. | ||
|
||
Assuming you have a valid email address at `email@example.com`, and want to serve The Lounge at `https://thelounge.example.com`, run these commands on your server: | ||
Assuming your domain is `thelounge.example.com`, follow these steps: | ||
|
||
1. Install nginx with `sudo apt install nginx`. | ||
2. Create configuration file for your domain with `sudo nano /etc/nginx/sites-available/thelounge.example.com` | ||
3. Paste code below: | ||
``` | ||
This is not an improvement over the reverse proxy docs, you are essentially writing an opinionated guide that only works on Debian / Ubuntu specific distros.
|
||
git clone https://github.com/letsencrypt/letsencrypt | ||
cd letsencrypt/ | ||
./letsencrypt-auto certonly --standalone --email email@example.com -d thelounge.example.com | ||
server { | ||
listen 80; | ||
server_name thelounge.example.com; | ||
|
||
location / { | ||
proxy_set_header X-Forwarded-For $remote_addr; | ||
proxy_set_header Host $http_host; | ||
proxy_pass "http://127.0.0.1:9000"; | ||
} | ||
} | ||
``` | ||
|
||
Follow the instructions on screen. This should generate a private key, as well as your HTTPS certificate that will expire after 90 days. | ||
|
||
Open your configuration file, located at `${THELOUNGE_HOME}/config.js` and look for the `https` key, and set the following values: | ||
|
||
- Change `enable` to `true` | ||
- Set `key` to the private key path that was generated, `privkey.pem` | ||
- Set `certificate` to the certificate path, `fullchain.pem` | ||
|
||
Let's Encrypt will create its `/etc/letsencrypt` folder as root user, so you might have to change the owner of these files to the user that runs The Lounge. | ||
4. Save and close the file. | ||
5. Enable the configuration file with `sudo ln -s /etc/nginx/sites-available/thelounge.example.com /etc/nginx/sites-enabled/thelounge.example.com` | ||
6. Check the configuration file for errors with `sudo nginx -t` | ||
7. If there's no errors, restart nginx with `sudo systemctl restart nginx` | ||
8. Next, install certbot with `sudo apt install certbot python3-certbot-nginx` | ||
Debian / Ubuntu specific things again
||
9. Start creating SSL certificate with `sudo certbot --nginx -d thelounge.example.com` | ||
10. Enter your valid email and agree to Let's Encrypt's TOS. | ||
11. Enter `2` to automatically redirect traffic to HTTPS | ||
12. Test your secured The Lounge installation by going to `https://thelounge.example.com` |
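Review bot: The `location /` block proxies to `http://127.0.0.1:9000` and sets `X-Forwarded-For`, but none of the twelve steps configures The Lounge itself for running behind a proxy. Unless The Lounge is bound to loopback (the `host` setting in `config.js`) and its `reverseProxy` setting is enabled, port 9000 can stay reachable over plain HTTP next to the new HTTPS endpoint, and the forwarded client address is not used; please add a step covering both. The server block also has no `proxy_http_version 1.1` or `Upgrade` / `Connection` headers, so WebSocket connections cannot upgrade through it. The shortened warning, `The Lounge only has basic HTTPS support.`, no longer links to `/docs/guides/reverse-proxies`, which leaves the reader with no pointer to the guide these steps overlap with; keep the link. Wording: "A record pointing to" should read "A record points to", and "If there's no errors" should read "If there are no errors".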
Please don't remove the reverse proxy docs, that's actually what should be referred to, not just an nginx config that only works on some distributions.