Serving Pier with HTTPS

For reading this wiki, I'm fine with using unencrypted HTTP; however, for logging in and editing pages, it seems better to use HTTPS. To make this change, I've done the following:


Open Connectivity

For security, I use security groups in AWS. To prevent issues with the next steps, an entry was added to allow incoming traffic on port 443.

Request SSL Certificates from Let's Encrypt

The site https://letsencrypt.org issues the certificate files. The certbot client, which requests them, was installed with:

ubuntu@ip-172-31-43-26:~$ sudo snap install --classic certbot
certbot 1.11.0 from Certbot Project (certbot-eff✓) installed

After reading and agreeing to the subscriber agreement, the script had errors with my NGinX config:

Account registered.
No names were found in your configuration files. Please enter in your domain

This did set up the certs in the proper directory despite the error.

NGinX Configuration Updates

These are described on NGinX in Front of Pier, specifically:

  • turning off server_tokens should help with security
  • adding a listener for SSL on port 443
  • really large pages can take Pier more than one minute to bring up. The proxy timeout of 300 prevents NGinX from displaying a gateway error

Posted by John Borden at 3 February 2021, 10:26 pm
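
A server block combining the three changes listed above, as an added example and not the configuration from the NGinX in Front of Pier page. The domain wiki.example.org, the certificate paths (certbot's default layout), the Pier address 127.0.0.1:8080 and the choice of proxy_read_timeout for the "proxy timeout of 300" are assumptions.

```nginx
# Added illustration: domain, certificate paths and Pier port are assumptions.
server {
    listen 443 ssl;

    # Placeholder domain. certbot's nginx plugin looks for server_name
    # entries when it searches the configuration for names.
    server_name wiki.example.org;

    # Do not advertise the nginx version in the Server header or error pages.
    server_tokens off;

    # certbot's default output location for a certificate of this name.
    ssl_certificate     /etc/letsencrypt/live/wiki.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wiki.example.org/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Assumed local Pier listener; TLS terminates at nginx.
        proxy_pass http://127.0.0.1:8080;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;

        # Very large pages can take Pier more than a minute to render.
        # The default read timeout is 60s, after which nginx answers 504.
        proxy_read_timeout 300;
    }
}
```

Running sudo nginx -t before reloading catches syntax errors and missing certificate files.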