OwenGHB / angband-webclient

Browser client and webserver for playing Angband and variants
http://angband.live
GNU General Public License v2.0
18 stars 7 forks

Require SSL/HTTPS Support #9

Closed ghost closed 2 years ago

ghost commented 7 years ago

Since users are creating accounts and typing passwords, the connection should be encrypted with an SSL certificate. I recommend getting one from Let's Encrypt. People have a tendency to reuse passwords and usernames on multiple sites. Users of angband.live are currently susceptible to man-in-the-middle attacks since passwords are being transmitted in plain text.

https://en.wikipedia.org/wiki/Man-in-the-middle_attack

Basically, service to port 80 should be redirected to port 443 and a cert should be registered with the server.

Draghmar commented 5 years ago

I'll add to this that obtaining a cert is very easy these days with https://letsencrypt.org/. The certbot (official app for auto-installing certs) is available on Ubuntu and there is a plugin for nginx: https://certbot.eff.org/

kaytrance commented 5 years ago

Keep in mind that the backend runs on nodejs + express (without any canonical webserver, like apache or nginx), so here's a more suitable guide.
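What the thread asks for (port 80 redirected to 443, a certificate loaded by the server) on a Node backend with no nginx or Apache in front, as an added example that is not part of the thread or the project's code. The allowed host name, the certbot `privkey.pem`/`fullchain.pem` directory layout, the ports, and the `app` request listener are assumptions.

```javascript
// Added example, not angband-webclient code. Assumptions: the served host
// name, certbot's live/ directory layout, ports 80/443, and `app` being the
// existing request listener (an Express app is one).
const ALLOWED_HOSTS = new Set(['angband.live']);

// The Host header is client-controlled: reflect it into the redirect only
// when it is a name this server actually serves, otherwise return null.
function httpsRedirectTarget(hostHeader, path) {
  const host = String(hostHeader || '').toLowerCase().replace(/:\d+$/, '');
  if (!ALLOWED_HOSTS.has(host)) return null;
  const p = String(path || '/');
  return 'https://' + host + (p.startsWith('/') ? p : '/' + p);
}

// Port 80 listener: never serves content, only redirects to HTTPS.
function redirectHandler(req, res) {
  const target = httpsRedirectTarget(req.headers.host, req.url);
  if (target === null) {
    res.writeHead(400);
    res.end('Bad Request');
    return;
  }
  res.writeHead(301, { Location: target });
  res.end();
}

// Wrap the HTTPS listener so browsers remember to skip plain HTTP (HSTS).
function withHsts(handler) {
  return (req, res) => {
    res.setHeader('Strict-Transport-Security', 'max-age=31536000');
    handler(req, res);
  };
}

// certDir is e.g. /etc/letsencrypt/live/<domain> as written by certbot.
function start(certDir, app) {
  const fs = require('fs');
  const http = require('http');
  const https = require('https');
  const tls = {
    key: fs.readFileSync(certDir + '/privkey.pem'),
    cert: fs.readFileSync(certDir + '/fullchain.pem'),
  };
  https.createServer(tls, withHsts(app)).listen(443);
  http.createServer(redirectHandler).listen(80);
}
```

`start()` needs permission to bind ports 80 and 443 and to read the private key file; the redirect only protects later requests, so a login form should be served and submitted over HTTPS only.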

Draghmar commented 5 years ago

Oh, sorry then. I checked what whois said for the domain and it was nginx. But from what I see the whole process is very similar to every other installation. You could also add http2 support with https: https://nodejs.org/api/http2.html

OwenGHB commented 2 years ago

We've had SSL since forever ago now, so I can close this.