Configure A Vapor HTTPS Server

In this article you will learn how to setup an HTTPS server with Vapor. The principal motivations for HTTPS are authentication of the accessed website, and protection of the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks, and the bidirectional encryption of communications between a client and server protects the communications against eavesdropping and tampering.

HTTPS is a secure protocol

Prerequisite

The next section will assume that you already configure a server with Vapor 4.0. In this example, Vapor is linked to a MongoDB database.

Vapor server architecture

First Step : Install Nginx

The first step is to install Nginx on your server. Connect to your server with ssh and run these commands :

sudo apt-get update
sudo apt-get install nginx

Once Nginx is installed, run this command to configure Nginx for your application :

vim /etc/nginx/sites-enabled/default

Setup the configuration by editing your server name and the root path :

# Default server configuration
#
server {
server_name hello.com;
listen 80;
root /home/vapor/Hello/Public/;
# Serve all public/static files via nginx and then fallback to Vapor for the rest
location / {
try_files $uri @proxy;
}
location @proxy {
proxy_pass http://127.0.0.1:8080;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Server;
proxy_connect_timeout 3s;
proxy_read_timeout 10s;
}
}

Second step : Install the certificate with certbot

Certbot is an automated tool that will use Let’s Encrypt to build your certificate and install it on your server. Depending on your server OS, you will be guided to the right process to install the certificates. When Certbot has completed the process, it will edit you Nginx setup. Re-open it to see the difference.

server {
server_name hello.com;
root /home/ubuntu/;
# Serve all public/static files via nginx and then fallback to Vapor for the rest
location / {
try_files $uri @proxy;
}
location @proxy {
proxy_pass http://127.0.0.1:8080;
proxy_pass_header Server;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass_header Server;
proxy_connect_timeout 3s;
proxy_read_timeout 10s;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hello.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hello.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = hello.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;server_name hello.com;
return 404; # managed by Certbot
}

Check the configuration

Go to your website with your favorite browser and enter :

https://hello.com

If you enjoyed this post, please leave some claps. 👏👏👏

You can clap up to 50 times, so get clicking/tapping! 😉

French iOS / Android experimented developper from Toulouse in south of France.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store