How to host instance with TLS

[therocode]

Hosting an instance of pb is really simple using the docker file, however this makes it listen as a normal http server, not https. As far as I could see, there are no options in the docker file to host it with TLS. What's the best practice of doing such?

[buhman]

What's the best practice of doing such?

Not sure.

host it with TLS

The ptpb.pw deployment uses nginx for ssl termination, combined with proxy_pass. A previous configuration looked like this:

server {
    listen 443 default_server;
    listen [::]:443 default_server;

    client_max_body_size 64M;

    server_name _;

    ssl    on;
    ssl_certificate    /etc/letsencrypt/live/ptpb.pw/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/ptpb.pw/privkey.pem;

    location / {
            proxy_pass       http://localhost:6081;
            proxy_set_header Host      $host;
            proxy_set_header X-Forwarded-Proto https;
    }
}

This is a "bare minimum" configuration. I also suggest auto-resty-ssl for automated renewal (contrast to what is shown in the above config). Maybe if I feel motivated this weekend I'll package this into an all-in-one docker image.

[therocode]

Thanks for the information, appreciated!

Eventrually having it as a docker image would certainly be helpful for people with not much experience in setting up hosted systems (like me).

Thanks!