Switching to HTTPS

aaron

Hi, thanks in advance for any advice. I just got my SSL Certificate and I need to install it (I'm running NodeBB on an Ubuntu 13.10 EC2 instance). Would you recommend doing this by setting up a reverse proxy server or by installing it directly into the application? How would I go about doing this?

Thanks!

miksago

@aaron there's multiple things you'll need to do here:

Rewrite the URLs stored in your database for Images, there's an example of one of these scripts at: http://pastebin.com/p1LvsEjZ. I'd recommend using a protocol-less url, e.g., //community.nodebb.org/uploads/foobar.png
Use some sort of SSL terminator (Stud, HAProxy, NGinx)

Make sure you rewrite your database first, otherwise you'll break all your images.

— Micheil

julian

I prefer having nginx handle all of the SSL negotiation. Less work for the node.js instance, in my opinion, and nginx handles it beautifully.

As @miksago says -- if you have any uploaded URLs, they should be changed to https instead of http. I believe both uploaders now use protocol-independent URLs, or default to https... @miksago @baris ?

miksago

@julian I think the built-in one uses urls with protocols. We might need to do a patch for that.

Ideally we should also figure out a way to run "storage migrations" in some sort of sane way.

<baris>

I took a look at the built in uploader and it looks like it doesn't use protocol or domain.

NodeBB/src/file.js at master · NodeBB/NodeBB

Node.js based forum software built for the modern web - NodeBB/src/file.js at master · NodeBB/NodeBB

GitHub (github.com)

uses url: nconf.get('upload_url') + filename where upload_url is nconf.set('upload_url', path.join(path.sep, nconf.get('relative_path'), 'uploads', path.sep));

So all local uploads have the url /<relative_path>/uploads/<filename>

miksago

@baris Ah, nice!

aaron

What are the implications of that for setting up HTTPS? Could you maybe list the steps I need to take to set up nginx as a reverse proxy / SSL terminator / whatever? I'm very new to all of this

Thanks!

aaron

Or the steps for setting it up directly in the application? Whichever is easier. It doesn't need to handle a huge load; I just want it to work. Thanks!

miksago

@aaron you'd probably use a terminator for doing HTTPS, purely because then you wouldn't have to modify NodeBB directly. You might find this guide from Digital Ocean to be useful: https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04/

That said, I've never setup an SSL certificate before (have to learn soon though)

julian

A fairly good guide for configuring SSL certificates (Linode)