-
-
Notifications
You must be signed in to change notification settings - Fork 18
SSL for your Server
To make your server available to the outside world you need a domain and a SSL certificate. Here you will find some ideas and support to get started. Also make sure that you have setup your network router with port-forwarding as described here: router port-forwarding.
The easiest way to secure your SEPIA-Home server is to obtain a free domain via the dynamic DNS service DuckDNS and get free SSL certificate from Let's Encrypt.
The Advantage of using DuckDNS is that you can do a DNS challenge to prove your domain ownership to Let's Encrypt meaning that you don't have to setup any complicated access to your server from the outside world (technically you just add a TXT record to your DNS zone which can be done via the DuckDNS API). Here are the steps to follow:
- Get an account at https://www.duckdns.org/ (free)
- Define your domain (e.g. https://my-fancy-sepia-server.duckdns.org) in your DuckDNS settings
- Write down the access token given by DuckDNS
- Open your SEPIA-Home installation and start the setup script (setup.sh for Linux)
- Choose: 'Setup dynamic DNS with DuckDNS' and enter your DuckDNS domain and access token
- Open the '~/SEPIA/letsencrypt' folder and start the 'run-certbot-duckdns.sh' script
- Enter a valid E-mail address to get important updates from Let's Encrypt (e.g. when to renew your certificate)
- If you see no critical errors you should have your own, secure domain now pointing to your SEPIA-Home server location
- Restart your SEPIA-Home server
If you want to use the SEPIA-Proxy to use your SSL certificate there are 2 more steps to do:
- Run '~/SEPIA/letsencrypt/copy-cert-to-keystore.sh' to convert the Let's Encrypt certificate to Java-compatible version
- Make sure your proxy settings are pointing to the correct SSL files (see properties file of SEPIA-Proxy) and run the proxy with SSL support
Done :-)