Secure origin for deployment

[blackerby]

When trying out the latest Docker image on the docker playground, I noticed that the copy to clipboard functionality was not working (details were in the JavaScript console). According to https://stackoverflow.com/a/51823007, clipboard access from a browser requires a secure origin. What will we need to do on campus to have a secure origin/use HTTPS?

[blackerby]

This looks promising: http://chrisstump.online/2016/05/05/lets-encrypt-docker-rails/

[blackerby]

But it would involve using NGINX instead of the built in puma server.

[blackerby]

Other potential helpful resources: https://winstonkotzan.com/blog/2019/03/09/production-https-setup-for-ruby-on-rails-app-with-docker.html https://blog.velalu.qa/development/bugs/2018/03/05/secure-rails-docker-environment-with-lets-encrypt.html https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71

[blackerby]

Another resource: https://blog.hiimtmac.com/posts/docker-with-nginx-and-letsencrypt/

[blackerby]

And another: https://github.com/puma/puma/blob/master/docs/nginx.md

[blackerby]

And another: https://docs.docker.com/engine/security/protect-access/

I've got the nginx reverse proxy working on my machine, but the SSL stuff is a doozy. It's going to need some in-person conversation.

[blackerby]

Yup, another resource: https://eff-certbot.readthedocs.io/en/stable/install.html#running-with-docker

[blackerby]

0856660e7608e4fb47d26947073ae2ece49f4b5b gets us part of the way there.

[blackerby]

This may be our best bet: https://mindsers.blog/post/https-using-nginx-certbot-docker/. We're going to need a domain name though.

So here's an ignorant question: could we use the existing certificate for www.indiansprings.org?