Configure A Vapor HTTPS Server
In this article you will learn how to set up an HTTPS server with Vapor. The principal motivations for HTTPS are authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks, and the bidirectional encryption between client and server protects communications against eavesdropping and tampering.
Prerequisite
The next sections assume that you have already configured a server with Vapor 4.0. In this example, Vapor is linked to a MongoDB database.
First step: Install Nginx
The first step is to install Nginx on your server. Connect to your server with ssh and run these commands:
sudo apt-get update
sudo apt-get install nginx
Once Nginx is installed, run this command to open the Nginx configuration for your application:
sudo vim /etc/nginx/sites-enabled/default
Set up the configuration by editing your server name and the root path:
# Default server configuration
#
server {
    server_name hello.com;
    listen 80;
    root /home/vapor/Hello/Public/;

    # Serve all public/static files via nginx and then fallback to Vapor for the rest
    location / {
        try_files $uri @proxy;
    }

    location @proxy {
        proxy_pass http://127.0.0.1:8080;
        proxy_pass_header Server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass_header Server;
        proxy_connect_timeout 3s;
        proxy_read_timeout 10s;
    }
}
Second step: Install the certificate with Certbot
Certbot is an automated tool that uses Let's Encrypt to issue your certificate and install it on your server. Depending on your server OS, you will be guided to the right process to install the certificates. When Certbot has completed the process, it will have edited your Nginx setup. Re-open the file to see the difference.
server {
    server_name hello.com;
    root /home/ubuntu/;

    # Serve all public/static files via nginx and then fallback to Vapor for the rest
    location / {
        try_files $uri @proxy;
    }

    location @proxy {
        proxy_pass http://127.0.0.1:8080;
        proxy_pass_header Server;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass_header Server;
        proxy_connect_timeout 3s;
        proxy_read_timeout 10s;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/hello.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/hello.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = hello.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name hello.com;
    return 404; # managed by Certbot
}
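The Certbot-edited configuration above can be checked from the server's shell. This is an added example, not part of the original article: redirects_to_https reads the headers returned by curl -sI on port 80, and lint_tls_conf checks the config file for the 443 listener, the certificate directives, and a loopback-only proxy_pass. Both function names are hypothetical; the config path is the one edited earlier.

```shell
#!/bin/sh
# Added example: checks for the nginx + Certbot setup shown above.

# Reads HTTP response headers on stdin (e.g. from `curl -sI http://hello.com/`).
# Succeeds only if the reply is a 301 whose Location is an https:// URL.
redirects_to_https() {
    awk '
        { sub(/\r$/, "") }   # curl prints CRLF line endings
        NR == 1 { ok_status = ($2 == "301") }
        tolower($1) == "location:" { ok_loc = (tolower($2) ~ /^https:\/\//) }
        END { exit !(ok_status && ok_loc) }
    '
}

# Reads an nginx config file and reports settings that would leave traffic
# in plaintext. Prints one line per problem; succeeds if none are found.
lint_tls_conf() {
    conf=$1 problems=0
    grep -Eq '^[[:space:]]*listen[[:space:]]+443[[:space:]]+ssl' "$conf" ||
        { echo "no 'listen 443 ssl' server"; problems=1; }
    for d in ssl_certificate ssl_certificate_key; do
        grep -Eq "^[[:space:]]*$d[[:space:]]" "$conf" ||
            { echo "missing $d"; problems=1; }
    done
    # The Vapor upstream speaks plain HTTP, so it must stay on loopback.
    if grep -E '^[[:space:]]*proxy_pass[[:space:]]' "$conf" |
        grep -Evq 'http://(127\.0\.0\.1|localhost|\[::1\])[/:;]'; then
        echo "proxy_pass targets a non-loopback upstream"; problems=1
    fi
    return "$problems"
}

# Live check, run only when a hostname is passed: sh check.sh hello.com
if [ -n "${1:-}" ]; then
    curl -sI "http://$1/" | redirects_to_https &&
        echo "port 80 redirects to HTTPS" || echo "port 80 does NOT redirect to HTTPS"
    lint_tls_conf /etc/nginx/sites-enabled/default &&
        echo "nginx TLS config looks complete"
fi
```

Run it on the server with the site's hostname as the only argument; with no argument it only defines the two functions.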
Check the configuration
Go to your website with your favorite browser and enter: