How to make my emails more secure when the sync engine is hosted remotely? - Githubissues

nylas / sync-engine

:incoming_envelope: IMAP/SMTP sync system with modern APIs

https://nylas.com/docs/platform

GNU Affero General Public License v3.0

3.5k stars 354 forks source link

How to make my emails more secure when the sync engine is hosted remotely? #428

Closed kun-zhou closed 7 years ago

kun-zhou commented 7 years ago

I am a newbie to Linux. I set up my sync-engine remotely on an Amazon EC2 instance. I adjusted the security settings to allow for inbound traffic with HTTP protocol at the default sync engine port 5555. I understand that one can limit which IP can access the port, but it is not quite a mobile option. I have the following two questions:

When I connect to the sync engine, all I needed was the IP address and the port number, does it mean anyone who knows this information can fetch my emails? If so, what should I do to improve them?
The sync-engine seems not to accept HTTPS request in place of HTTP, how can I use HTTPS instead?

Do let me know if this is not the right place to post them. Many thanks ~

grinich commented 7 years ago

We recommend putting it behind a reverse proxy (like nginx) that adds SSL and blocks the /accounts endpoint.